import * as Core from 'cloudflare/core'; import { APIResource } from 'cloudflare/resource'; import * as IdentityProvidersAPI from 'cloudflare/resources/zero-trust/identity-providers'; import { SinglePage } from 'cloudflare/pagination'; export declare class IdentityProviders extends APIResource { /** * Adds a new identity provider to Access. */ create(params: IdentityProviderCreateParams, options?: Core.RequestOptions): Core.APIPromise; /** * Updates a configured identity provider. */ update(uuid: string, params: IdentityProviderUpdateParams, options?: Core.RequestOptions): Core.APIPromise; /** * Lists all configured identity providers. */ list(params?: IdentityProviderListParams, options?: Core.RequestOptions): Core.PagePromise; list(options?: Core.RequestOptions): Core.PagePromise; /** * Deletes an identity provider from Access. */ delete(uuid: string, params?: IdentityProviderDeleteParams, options?: Core.RequestOptions): Core.APIPromise; delete(uuid: string, options?: Core.RequestOptions): Core.APIPromise; /** * Fetches a configured identity provider. */ get(uuid: string, params?: IdentityProviderGetParams, options?: Core.RequestOptions): Core.APIPromise; get(uuid: string, options?: Core.RequestOptions): Core.APIPromise; } export declare class IdentityProviderListResponsesSinglePage extends SinglePage { } export type ZeroTrustIdentityProviders = ZeroTrustIdentityProviders.AccessAzureAd | ZeroTrustIdentityProviders.AccessCentrify | ZeroTrustIdentityProviders.AccessFacebook | ZeroTrustIdentityProviders.AccessGitHub | ZeroTrustIdentityProviders.AccessGoogle | ZeroTrustIdentityProviders.AccessGoogleApps | ZeroTrustIdentityProviders.AccessLinkedin | ZeroTrustIdentityProviders.AccessOidc | ZeroTrustIdentityProviders.AccessOkta | ZeroTrustIdentityProviders.AccessOnelogin | ZeroTrustIdentityProviders.AccessPingone | ZeroTrustIdentityProviders.AccessSaml | ZeroTrustIdentityProviders.AccessYandex | ZeroTrustIdentityProviders.AccessOnetimepin; export declare namespace ZeroTrustIdentityProviders { interface AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessAzureAd.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessAzureAd.ScimConfig; } namespace AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * Should Cloudflare try to load authentication contexts from your account */ conditional_access_enabled?: boolean; /** * Your Azure directory uuid */ directory_id?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Indicates the type of user interaction that is required. prompt=login forces the * user to enter their credentials on that request, negating single-sign on. * prompt=none is the opposite. It ensures that the user isn't presented with any * interactive prompt. If the request can't be completed silently by using * single-sign on, the Microsoft identity platform returns an interaction_required * error. prompt=select_account interrupts single sign-on providing account * selection experience listing all the accounts either in session or any * remembered account or an option to choose to use a different account altogether. */ prompt?: 'login' | 'select_account' | 'none'; /** * Should Cloudflare try to load groups from your account */ support_groups?: boolean; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessCentrify.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessCentrify.ScimConfig; } namespace AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your centrify account url */ centrify_account?: string; /** * Your centrify app id */ centrify_app_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessFacebook.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessFacebook.ScimConfig; } namespace AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGitHub.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGitHub.ScimConfig; } namespace AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGoogle.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGoogle.ScimConfig; } namespace AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGoogleApps.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGoogleApps.ScimConfig; } namespace AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your companies TLD */ apps_domain?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessLinkedin.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessLinkedin.ScimConfig; } namespace AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOidc.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOidc.ScimConfig; } namespace AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * The authorization_endpoint URL of your IdP */ auth_url?: string; /** * The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens */ certs_url?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * OAuth scopes */ scopes?: Array; /** * The token_endpoint URL of your IdP */ token_url?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOkta.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOkta.ScimConfig; } namespace AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your okta authorization server id */ authorization_server_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your okta account url */ okta_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOnelogin.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOnelogin.ScimConfig; } namespace AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your OneLogin account url */ onelogin_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessPingone.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessPingone.ScimConfig; } namespace AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your PingOne environment identifier */ ping_env_id?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessSaml.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessSaml.ScimConfig; } namespace AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * A list of SAML attribute names that will be added to your signed JWT token and * can be used in SAML policy rules. */ attributes?: Array; /** * The attribute name for email in the SAML response. */ email_attribute_name?: string; /** * Add a list of attribute names that will be returned in the response header from * the Access callback. */ header_attributes?: Array; /** * X509 certificate to verify the signature in the SAML authentication response */ idp_public_certs?: Array; /** * IdP Entity ID or Issuer URL */ issuer_url?: string; /** * Sign the SAML authentication request with Access credentials. To verify the * signature, use the public key from the Access certs endpoints. */ sign_request?: boolean; /** * URL to send the SAML authentication requests to */ sso_target_url?: string; } namespace Config { interface HeaderAttribute { /** * attribute name from the IDP */ attribute_name?: string; /** * header that will be added on the request to the origin */ header_name?: string; } } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessYandex.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessYandex.ScimConfig; } namespace AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnetimepin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: unknown; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOnetimepin.ScimConfig; } namespace AccessOnetimepin { /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } } export type IdentityProviderListResponse = IdentityProviderListResponse.AccessAzureAd | IdentityProviderListResponse.AccessCentrify | IdentityProviderListResponse.AccessFacebook | IdentityProviderListResponse.AccessGitHub | IdentityProviderListResponse.AccessGoogle | IdentityProviderListResponse.AccessGoogleApps | IdentityProviderListResponse.AccessLinkedin | IdentityProviderListResponse.AccessOidc | IdentityProviderListResponse.AccessOkta | IdentityProviderListResponse.AccessOnelogin | IdentityProviderListResponse.AccessPingone | IdentityProviderListResponse.AccessSaml | IdentityProviderListResponse.AccessYandex; export declare namespace IdentityProviderListResponse { interface AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessAzureAd.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessAzureAd.ScimConfig; } namespace AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * Should Cloudflare try to load authentication contexts from your account */ conditional_access_enabled?: boolean; /** * Your Azure directory uuid */ directory_id?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Indicates the type of user interaction that is required. prompt=login forces the * user to enter their credentials on that request, negating single-sign on. * prompt=none is the opposite. It ensures that the user isn't presented with any * interactive prompt. If the request can't be completed silently by using * single-sign on, the Microsoft identity platform returns an interaction_required * error. prompt=select_account interrupts single sign-on providing account * selection experience listing all the accounts either in session or any * remembered account or an option to choose to use a different account altogether. */ prompt?: 'login' | 'select_account' | 'none'; /** * Should Cloudflare try to load groups from your account */ support_groups?: boolean; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessCentrify.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessCentrify.ScimConfig; } namespace AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your centrify account url */ centrify_account?: string; /** * Your centrify app id */ centrify_app_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessFacebook.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessFacebook.ScimConfig; } namespace AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGitHub.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGitHub.ScimConfig; } namespace AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGoogle.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGoogle.ScimConfig; } namespace AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessGoogleApps.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessGoogleApps.ScimConfig; } namespace AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your companies TLD */ apps_domain?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessLinkedin.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessLinkedin.ScimConfig; } namespace AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOidc.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOidc.ScimConfig; } namespace AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * The authorization_endpoint URL of your IdP */ auth_url?: string; /** * The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens */ certs_url?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * OAuth scopes */ scopes?: Array; /** * The token_endpoint URL of your IdP */ token_url?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOkta.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOkta.ScimConfig; } namespace AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your okta authorization server id */ authorization_server_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your okta account url */ okta_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessOnelogin.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessOnelogin.ScimConfig; } namespace AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your OneLogin account url */ onelogin_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessPingone.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessPingone.ScimConfig; } namespace AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your PingOne environment identifier */ ping_env_id?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessSaml.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessSaml.ScimConfig; } namespace AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * A list of SAML attribute names that will be added to your signed JWT token and * can be used in SAML policy rules. */ attributes?: Array; /** * The attribute name for email in the SAML response. */ email_attribute_name?: string; /** * Add a list of attribute names that will be returned in the response header from * the Access callback. */ header_attributes?: Array; /** * X509 certificate to verify the signature in the SAML authentication response */ idp_public_certs?: Array; /** * IdP Entity ID or Issuer URL */ issuer_url?: string; /** * Sign the SAML authentication request with Access credentials. To verify the * signature, use the public key from the Access certs endpoints. */ sign_request?: boolean; /** * URL to send the SAML authentication requests to */ sso_target_url?: string; } namespace Config { interface HeaderAttribute { /** * attribute name from the IDP */ attribute_name?: string; /** * header that will be added on the request to the origin */ header_name?: string; } } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: AccessYandex.Config; /** * The name of the identity provider, shown to users on the login page. */ name: string; /** * The type of identity provider. To determine the value for a specific provider, * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * UUID */ id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: AccessYandex.ScimConfig; } namespace AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } } export interface IdentityProviderDeleteResponse { /** * UUID */ id?: string; } export type IdentityProviderCreateParams = IdentityProviderCreateParams.AccessAzureAd | IdentityProviderCreateParams.AccessCentrify | IdentityProviderCreateParams.AccessFacebook | IdentityProviderCreateParams.AccessGitHub | IdentityProviderCreateParams.AccessGoogle | IdentityProviderCreateParams.AccessGoogleApps | IdentityProviderCreateParams.AccessLinkedin | IdentityProviderCreateParams.AccessOidc | IdentityProviderCreateParams.AccessOkta | IdentityProviderCreateParams.AccessOnelogin | IdentityProviderCreateParams.AccessPingone | IdentityProviderCreateParams.AccessSaml | IdentityProviderCreateParams.AccessYandex | IdentityProviderCreateParams.AccessOnetimepin; export declare namespace IdentityProviderCreateParams { interface AccessAzureAd { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessAzureAd.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessAzureAd.ScimConfig; } namespace AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * Should Cloudflare try to load authentication contexts from your account */ conditional_access_enabled?: boolean; /** * Your Azure directory uuid */ directory_id?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Indicates the type of user interaction that is required. prompt=login forces the * user to enter their credentials on that request, negating single-sign on. * prompt=none is the opposite. It ensures that the user isn't presented with any * interactive prompt. If the request can't be completed silently by using * single-sign on, the Microsoft identity platform returns an interaction_required * error. prompt=select_account interrupts single sign-on providing account * selection experience listing all the accounts either in session or any * remembered account or an option to choose to use a different account altogether. */ prompt?: 'login' | 'select_account' | 'none'; /** * Should Cloudflare try to load groups from your account */ support_groups?: boolean; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessCentrify { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessCentrify.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessCentrify.ScimConfig; } namespace AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your centrify account url */ centrify_account?: string; /** * Your centrify app id */ centrify_app_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessFacebook { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessFacebook.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessFacebook.ScimConfig; } namespace AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGitHub { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessGitHub.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessGitHub.ScimConfig; } namespace AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogle { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessGoogle.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessGoogle.ScimConfig; } namespace AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogleApps { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessGoogleApps.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessGoogleApps.ScimConfig; } namespace AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your companies TLD */ apps_domain?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessLinkedin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessLinkedin.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessLinkedin.ScimConfig; } namespace AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOidc { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessOidc.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessOidc.ScimConfig; } namespace AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * The authorization_endpoint URL of your IdP */ auth_url?: string; /** * The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens */ certs_url?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * OAuth scopes */ scopes?: Array; /** * The token_endpoint URL of your IdP */ token_url?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOkta { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessOkta.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessOkta.ScimConfig; } namespace AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your okta authorization server id */ authorization_server_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your okta account url */ okta_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnelogin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessOnelogin.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessOnelogin.ScimConfig; } namespace AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your OneLogin account url */ onelogin_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessPingone { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessPingone.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessPingone.ScimConfig; } namespace AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your PingOne environment identifier */ ping_env_id?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessSaml { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessSaml.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessSaml.ScimConfig; } namespace AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * A list of SAML attribute names that will be added to your signed JWT token and * can be used in SAML policy rules. */ attributes?: Array; /** * The attribute name for email in the SAML response. */ email_attribute_name?: string; /** * Add a list of attribute names that will be returned in the response header from * the Access callback. */ header_attributes?: Array; /** * X509 certificate to verify the signature in the SAML authentication response */ idp_public_certs?: Array; /** * IdP Entity ID or Issuer URL */ issuer_url?: string; /** * Sign the SAML authentication request with Access credentials. To verify the * signature, use the public key from the Access certs endpoints. */ sign_request?: boolean; /** * URL to send the SAML authentication requests to */ sso_target_url?: string; } namespace Config { interface HeaderAttribute { /** * attribute name from the IDP */ attribute_name?: string; /** * header that will be added on the request to the origin */ header_name?: string; } } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessYandex { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderCreateParams.AccessYandex.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessYandex.ScimConfig; } namespace AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnetimepin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: unknown; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderCreateParams.AccessOnetimepin.ScimConfig; } namespace AccessOnetimepin { /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } } export type IdentityProviderUpdateParams = IdentityProviderUpdateParams.AccessAzureAd | IdentityProviderUpdateParams.AccessCentrify | IdentityProviderUpdateParams.AccessFacebook | IdentityProviderUpdateParams.AccessGitHub | IdentityProviderUpdateParams.AccessGoogle | IdentityProviderUpdateParams.AccessGoogleApps | IdentityProviderUpdateParams.AccessLinkedin | IdentityProviderUpdateParams.AccessOidc | IdentityProviderUpdateParams.AccessOkta | IdentityProviderUpdateParams.AccessOnelogin | IdentityProviderUpdateParams.AccessPingone | IdentityProviderUpdateParams.AccessSaml | IdentityProviderUpdateParams.AccessYandex | IdentityProviderUpdateParams.AccessOnetimepin; export declare namespace IdentityProviderUpdateParams { interface AccessAzureAd { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessAzureAd.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessAzureAd.ScimConfig; } namespace AccessAzureAd { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * Should Cloudflare try to load authentication contexts from your account */ conditional_access_enabled?: boolean; /** * Your Azure directory uuid */ directory_id?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Indicates the type of user interaction that is required. prompt=login forces the * user to enter their credentials on that request, negating single-sign on. * prompt=none is the opposite. It ensures that the user isn't presented with any * interactive prompt. If the request can't be completed silently by using * single-sign on, the Microsoft identity platform returns an interaction_required * error. prompt=select_account interrupts single sign-on providing account * selection experience listing all the accounts either in session or any * remembered account or an option to choose to use a different account altogether. */ prompt?: 'login' | 'select_account' | 'none'; /** * Should Cloudflare try to load groups from your account */ support_groups?: boolean; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessCentrify { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessCentrify.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessCentrify.ScimConfig; } namespace AccessCentrify { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your centrify account url */ centrify_account?: string; /** * Your centrify app id */ centrify_app_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessFacebook { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessFacebook.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessFacebook.ScimConfig; } namespace AccessFacebook { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGitHub { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessGitHub.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessGitHub.ScimConfig; } namespace AccessGitHub { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogle { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessGoogle.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessGoogle.ScimConfig; } namespace AccessGoogle { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessGoogleApps { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessGoogleApps.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessGoogleApps.ScimConfig; } namespace AccessGoogleApps { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your companies TLD */ apps_domain?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessLinkedin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessLinkedin.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessLinkedin.ScimConfig; } namespace AccessLinkedin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOidc { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessOidc.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessOidc.ScimConfig; } namespace AccessOidc { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * The authorization_endpoint URL of your IdP */ auth_url?: string; /** * The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens */ certs_url?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * OAuth scopes */ scopes?: Array; /** * The token_endpoint URL of your IdP */ token_url?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOkta { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessOkta.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessOkta.ScimConfig; } namespace AccessOkta { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your okta authorization server id */ authorization_server_id?: string; /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your okta account url */ okta_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnelogin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessOnelogin.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessOnelogin.ScimConfig; } namespace AccessOnelogin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your OneLogin account url */ onelogin_account?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessPingone { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessPingone.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessPingone.ScimConfig; } namespace AccessPingone { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Custom claims */ claims?: Array; /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; /** * The claim name for email in the id_token response. */ email_claim_name?: string; /** * Your PingOne environment identifier */ ping_env_id?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessSaml { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessSaml.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessSaml.ScimConfig; } namespace AccessSaml { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * A list of SAML attribute names that will be added to your signed JWT token and * can be used in SAML policy rules. */ attributes?: Array; /** * The attribute name for email in the SAML response. */ email_attribute_name?: string; /** * Add a list of attribute names that will be returned in the response header from * the Access callback. */ header_attributes?: Array; /** * X509 certificate to verify the signature in the SAML authentication response */ idp_public_certs?: Array; /** * IdP Entity ID or Issuer URL */ issuer_url?: string; /** * Sign the SAML authentication request with Access credentials. To verify the * signature, use the public key from the Access certs endpoints. */ sign_request?: boolean; /** * URL to send the SAML authentication requests to */ sso_target_url?: string; } namespace Config { interface HeaderAttribute { /** * attribute name from the IDP */ attribute_name?: string; /** * header that will be added on the request to the origin */ header_name?: string; } } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessYandex { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: IdentityProviderUpdateParams.AccessYandex.Config; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessYandex.ScimConfig; } namespace AccessYandex { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ interface Config { /** * Your OAuth Client ID */ client_id?: string; /** * Your OAuth Client Secret */ client_secret?: string; } /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } interface AccessOnetimepin { /** * Body param: The configuration parameters for the identity provider. To view the * required parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ config: unknown; /** * Body param: The name of the identity provider, shown to users on the login page. */ name: string; /** * Body param: The type of identity provider. To determine the value for a specific * provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. */ scim_config?: IdentityProviderUpdateParams.AccessOnetimepin.ScimConfig; } namespace AccessOnetimepin { /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ interface ScimConfig { /** * A flag to enable or disable SCIM for the identity provider. */ enabled?: boolean; /** * A flag to revoke a user's session in Access and force a reauthentication on the * user's Gateway session when they have been added or removed from a group in the * Identity Provider. */ group_member_deprovision?: boolean; /** * A flag to remove a user's seat in Zero Trust when they have been deprovisioned * in the Identity Provider. This cannot be enabled unless user_deprovision is also * enabled. */ seat_deprovision?: boolean; /** * A read-only token generated when the SCIM integration is enabled for the first * time. It is redacted on subsequent requests. If you lose this you will need to * refresh it token at /access/identity_providers/:idpID/refresh_scim_secret. */ secret?: string; /** * A flag to enable revoking a user's session in Access and Gateway when they have * been deprovisioned in the Identity Provider. */ user_deprovision?: boolean; } } } export interface IdentityProviderListParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export interface IdentityProviderDeleteParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export interface IdentityProviderGetParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export declare namespace IdentityProviders { export import ZeroTrustIdentityProviders = IdentityProvidersAPI.ZeroTrustIdentityProviders; export import IdentityProviderListResponse = IdentityProvidersAPI.IdentityProviderListResponse; export import IdentityProviderDeleteResponse = IdentityProvidersAPI.IdentityProviderDeleteResponse; export import IdentityProviderListResponsesSinglePage = IdentityProvidersAPI.IdentityProviderListResponsesSinglePage; export import IdentityProviderCreateParams = IdentityProvidersAPI.IdentityProviderCreateParams; export import IdentityProviderUpdateParams = IdentityProvidersAPI.IdentityProviderUpdateParams; export import IdentityProviderListParams = IdentityProvidersAPI.IdentityProviderListParams; export import IdentityProviderDeleteParams = IdentityProvidersAPI.IdentityProviderDeleteParams; export import IdentityProviderGetParams = IdentityProvidersAPI.IdentityProviderGetParams; } //# sourceMappingURL=identity-providers.d.ts.map