{"Scopes define permissions and access levels for API requests and authentication tokens."}
true promotes to a domain-level connection so that
third-party applications can use it. false does not
promote the connection, so only first-party applications with the
connection enabled can use it. (Defaults to false.)
show_as_button:
type: boolean
description: >-
Enables showing a button for the connection in the login page (new
experience only). If false, it will be usable only by HRD. (Defaults
to false.)
metadata:
$ref: '#/components/schemas/ConnectionsMetadata'
options:
$ref: '#/components/schemas/SelfServiceProfileSsoTicketConnectionOptions'
SelfServiceProfileSsoTicketEnabledOrganization:
type: object
additionalProperties: false
required:
- organization_id
properties:
organization_id:
type: string
description: Organization identifier.
maxLength: 50
format: organization-id
assign_membership_on_login:
type: boolean
description: >-
When true, all users that log in with this connection will be
automatically granted membership in the organization. When false,
users must be granted membership in the organization before logging
in with this connection.
show_as_button:
type: boolean
description: >-
Determines whether a connection should be displayed on this
organization’s login prompt. Only applicable for enterprise
connections. Default: true.
SelfServiceProfileSsoTicketDomainAliasesConfig:
type: object
description: >-
Configuration for the setup of the connection’s domain_aliases in the
Self-Service Enterprise Configuration flow.
additionalProperties: false
required:
- domain_verification
properties:
domain_verification:
$ref: >-
#/components/schemas/SelfServiceProfileSsoTicketDomainVerificationEnum
pending_domains:
type: array
description: >-
List of domains that will be submitted for verification during the
Self-Service Enterprise Configuration flow.
x-release-lifecycle: GA
items:
type: string
minLength: 1
maxLength: 255
SelfServiceProfileSsoTicketProvisioningConfig:
type: object
description: Configuration for the setup of Provisioning in the self-service flow.
additionalProperties: false
x-release-lifecycle: GA
properties:
scopes:
type: array
description: >-
The scopes of the SCIM tokens generated during the self-service
flow.
minItems: 1
items:
$ref: >-
#/components/schemas/SelfServiceProfileSsoTicketProvisioningScopeEnum
google_workspace:
$ref: >-
#/components/schemas/SelfServiceProfileSsoTicketGoogleWorkspaceConfig
x-release-lifecycle: GA
token_lifetime:
description: >-
Lifetime of the tokens in seconds. Must be greater than 900. If not
provided, the tokens don't expire.
type:
- integer
- 'null'
minimum: 900
SelfServiceProfileSsoTicketEnabledFeatures:
type: object
description: >-
Specifies which features are enabled for an "edit connection" ticket.
Only applicable when connection ID is provided.
additionalProperties: false
x-release-lifecycle: GA
properties:
sso:
type: boolean
description: Whether SSO configuration is enabled in this ticket.
domain_verification:
type: boolean
description: Whether domain verification is enabled in this ticket.
provisioning:
type: boolean
description: Whether provisioning configuration is enabled in this ticket.
ConnectionsMetadata:
type: object
description: >-
Metadata associated with the connection in the form of an object with
string values (max 255 chars). Maximum of 10 metadata properties
allowed.
additionalProperties:
type:
- string
- 'null'
maxLength: 255
maxProperties: 10
SelfServiceProfileSsoTicketConnectionOptions:
type:
- object
- 'null'
description: The connection's options (depend on the connection strategy)
additionalProperties: false
properties:
icon_url:
type:
- string
- 'null'
description: URL for the icon. Must use HTTPS.
format: strict-https-uri-or-null
domain_aliases:
type:
- array
- 'null'
description: >-
List of domain_aliases that can be authenticated in the Identity
Provider
items:
type: string
minLength: 1
maxLength: 255
idpinitiated:
$ref: '#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedOptions'
SelfServiceProfileSsoTicketDomainVerificationEnum:
type: string
description: >-
Whether the end user should complete the domain verification step.
Possible values are 'none' (the step is not shown to the user),
'optional' (the user may add a domain alias in the domain verification
step) or 'required' (the user must add a domain alias in order to enable
the connection). Defaults to 'none'.
enum:
- none
- optional
- required
SelfServiceProfileSsoTicketProvisioningScopeEnum:
type: string
enum:
- get:users
- post:users
- put:users
- patch:users
- delete:users
- get:groups
- post:groups
- put:groups
- patch:groups
- delete:groups
SelfServiceProfileSsoTicketGoogleWorkspaceConfig:
type: object
description: >-
Configuration for Google Workspace Directory Sync during the
self-service flow.
additionalProperties: false
required:
- sync_users
x-release-lifecycle: GA
properties:
sync_users:
type: boolean
description: >-
Whether to enable Google Workspace Directory Sync for users during
the self-service flow.
SelfServiceProfileSsoTicketIdpInitiatedOptions:
type:
- object
- 'null'
description: Allows IdP-initiated login
additionalProperties: false
properties:
enabled:
type: boolean
description: Enables IdP-initiated login for this connection
client_id:
type: string
description: >-
Default application client_id user is redirected to
after validated SAML response
format: client-id
client_protocol:
$ref: >-
#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum
client_authorizequery:
type: string
description: >-
Query string options to customize the behaviour for OpenID Connect
when idpinitiated.client_protocol is
oauth2. Allowed parameters: redirect_uri,
scope, response_type. For example,
redirect_uri=https://jwt.io&scope=openid
email&response_type=token
maxLength: 256
SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum:
type: string
description: The protocol used to connect to the the default application
enum:
- samlp
- wsfed
- oauth2
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: jwt
oAuth2ClientCredentials:
type: oauth2
flows:
clientCredentials:
tokenUrl: /oauth/token/
x-form-parameters:
audience: /api/v2/
scopes:
create:actions: Create Actions
read:actions: Read Actions
update:actions: Update Actions
delete:actions: Delete Actions
read:anomaly_blocks: Read Anomaly Blocks
delete:anomaly_blocks: Delete Anomaly Blocks
read:attack_protection: Read Attack Protection
update:attack_protection: Update Attack Protection
create:authentication_methods: Create Authentication Methods
read:authentication_methods: Read Authentication Methods
update:authentication_methods: Update Authentication Methods
delete:authentication_methods: Delete Authentication Methods
read:branding: Read Branding
update:branding: Update Branding
delete:branding: Delete Branding
create:client_credentials: Create Client Credentials
read:client_credentials: Read Client Credentials
update:client_credentials: Update Client Credentials
delete:client_credentials: Delete Client Credentials
create:client_grants: Create Client Grants
read:client_grants: Read Client Grants
update:client_grants: Update Client Grants
delete:client_grants: Delete Client Grants
read:client_keys: Read Client Keys
update:client_keys: Update Client Keys
read:client_summary: Read Client Summary
update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
create:clients: Create Clients
read:clients: Read Clients
update:clients: Update Clients
delete:clients: Delete Clients
create:connection_profiles: Create Connection Profiles
read:connection_profiles: Read Connection Profiles
update:connection_profiles: Update Connection Profiles
delete:connection_profiles: Delete Connection Profiles
create:connections: Create Connections
read:connections: Read Connections
update:connections: Update Connections
delete:connections: Delete Connections
create:connections_keys: Create Connections Keys
read:connections_keys: Read Connections Keys
update:connections_keys: Update Connections Keys
read:current_user: Read Current User
delete:current_user: Delete Current User
create:current_user_device_credentials: Create Current User Device Credentials
delete:current_user_device_credentials: Delete Current User Device Credentials
update:current_user_identities: Update Current User Identities
update:current_user_metadata: Update Current User Metadata
create:custom_domains: Create Custom Domains
read:custom_domains: Read Custom Domains
update:custom_domains: Update Custom Domains
delete:custom_domains: Delete Custom Domains
create:custom_signing_keys: Create Custom Signing Keys
read:custom_signing_keys: Read Custom Signing Keys
update:custom_signing_keys: Update Custom Signing Keys
delete:custom_signing_keys: Delete Custom Signing Keys
read:device_credentials: Read Device Credentials
delete:device_credentials: Delete Device Credentials
create:directory_provisionings: Create Directory Provisionings
read:directory_provisionings: Read Directory Provisionings
update:directory_provisionings: Update Directory Provisionings
delete:directory_provisionings: Delete Directory Provisionings
create:email_provider: Create Email Provider
read:email_provider: Read Email Provider
update:email_provider: Update Email Provider
delete:email_provider: Delete Email Provider
create:email_templates: Create Email Templates
read:email_templates: Read Email Templates
update:email_templates: Update Email Templates
create:encryption_keys: Create Encryption Keys
read:encryption_keys: Read Encryption Keys
update:encryption_keys: Update Encryption Keys
delete:encryption_keys: Delete Encryption Keys
read:event_deliveries: Read Event Deliveries
update:event_deliveries: Update Event Deliveries
create:event_streams: Create Event Streams
read:event_streams: Read Event Streams
update:event_streams: Update Event Streams
delete:event_streams: Delete Event Streams
read:events: Read Events
create:experimentation: Create Experimentation
read:experimentation: Read Experimentation
update:experimentation: Update Experimentation
delete:experimentation: Delete Experimentation
read:federated_connections_tokens: Read Federated Connections Tokens
delete:federated_connections_tokens: Delete Federated Connections Tokens
create:flows: Create Flows
read:flows: Read Flows
update:flows: Update Flows
delete:flows: Delete Flows
read:flows_executions: Read Flows Executions
delete:flows_executions: Delete Flows Executions
create:flows_vault_connections: Create Flows Vault Connections
read:flows_vault_connections: Read Flows Vault Connections
update:flows_vault_connections: Update Flows Vault Connections
delete:flows_vault_connections: Delete Flows Vault Connections
create:forms: Create Forms
read:forms: Read Forms
update:forms: Update Forms
delete:forms: Delete Forms
read:grants: Read Grants
delete:grants: Delete Grants
read:group_members: Read Group Members
create:group_roles: Create Group Roles
read:group_roles: Read Group Roles
delete:group_roles: Delete Group Roles
read:groups: Read Groups
delete:groups: Delete Groups
create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
read:guardian_enrollments: Read Guardian Enrollments
delete:guardian_enrollments: Delete Guardian Enrollments
read:guardian_factors: Read Guardian Factors
update:guardian_factors: Update Guardian Factors
create:hooks: Create Hooks
read:hooks: Read Hooks
update:hooks: Update Hooks
delete:hooks: Delete Hooks
create:log_streams: Create Log Streams
read:log_streams: Read Log Streams
update:log_streams: Update Log Streams
delete:log_streams: Delete Log Streams
read:logs: Read Logs
read:logs_users: Read Logs Users
read:mfa_policies: Read Mfa Policies
update:mfa_policies: Update Mfa Policies
create:network_acls: Create Network Acls
read:network_acls: Read Network Acls
update:network_acls: Update Network Acls
delete:network_acls: Delete Network Acls
create:organization_client_grants: Create Organization Client Grants
read:organization_client_grants: Read Organization Client Grants
delete:organization_client_grants: Delete Organization Client Grants
create:organization_connections: Create Organization Connections
read:organization_connections: Read Organization Connections
update:organization_connections: Update Organization Connections
delete:organization_connections: Delete Organization Connections
create:organization_discovery_domains: Create Organization Discovery Domains
read:organization_discovery_domains: Read Organization Discovery Domains
update:organization_discovery_domains: Update Organization Discovery Domains
delete:organization_discovery_domains: Delete Organization Discovery Domains
create:organization_group_roles: Create Organization Group Roles
read:organization_group_roles: Read Organization Group Roles
delete:organization_group_roles: Delete Organization Group Roles
read:organization_groups: Read Organization Groups
create:organization_invitations: Create Organization Invitations
read:organization_invitations: Read Organization Invitations
delete:organization_invitations: Delete Organization Invitations
read:organization_member_effective_roles: Read Organization Member Effective Roles
read:organization_member_role_source_groups: Read Organization Member Role Source Groups
create:organization_member_roles: Create Organization Member Roles
read:organization_member_roles: Read Organization Member Roles
delete:organization_member_roles: Delete Organization Member Roles
create:organization_members: Create Organization Members
read:organization_members: Read Organization Members
delete:organization_members: Delete Organization Members
create:organizations: Create Organizations
read:organizations: Read Organizations
update:organizations: Update Organizations
delete:organizations: Delete Organizations
read:organizations_summary: Read Organizations Summary
create:phone_providers: Create Phone Providers
read:phone_providers: Read Phone Providers
update:phone_providers: Update Phone Providers
delete:phone_providers: Delete Phone Providers
create:phone_templates: Create Phone Templates
read:phone_templates: Read Phone Templates
update:phone_templates: Update Phone Templates
delete:phone_templates: Delete Phone Templates
read:prompts: Read Prompts
update:prompts: Update Prompts
create:rate_limit_policies: Create Rate Limit Policies
read:rate_limit_policies: Read Rate Limit Policies
update:rate_limit_policies: Update Rate Limit Policies
delete:rate_limit_policies: Delete Rate Limit Policies
read:refresh_tokens: Read Refresh Tokens
update:refresh_tokens: Update Refresh Tokens
delete:refresh_tokens: Delete Refresh Tokens
create:resource_servers: Create Resource Servers
read:resource_servers: Read Resource Servers
update:resource_servers: Update Resource Servers
delete:resource_servers: Delete Resource Servers
create:role_members: Create Role Members
read:role_members: Read Role Members
delete:role_members: Delete Role Members
create:roles: Create Roles
read:roles: Read Roles
update:roles: Update Roles
delete:roles: Delete Roles
create:rules: Create Rules
read:rules: Read Rules
update:rules: Update Rules
delete:rules: Delete Rules
read:rules_configs: Read Rules Configs
update:rules_configs: Update Rules Configs
delete:rules_configs: Delete Rules Configs
create:scim_config: Create Scim Config
read:scim_config: Read Scim Config
update:scim_config: Update Scim Config
delete:scim_config: Delete Scim Config
create:scim_token: Create Scim Token
read:scim_token: Read Scim Token
delete:scim_token: Delete Scim Token
read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
create:self_service_profiles: Create Self Service Profiles
read:self_service_profiles: Read Self Service Profiles
update:self_service_profiles: Update Self Service Profiles
delete:self_service_profiles: Delete Self Service Profiles
read:sessions: Read Sessions
update:sessions: Update Sessions
delete:sessions: Delete Sessions
create:signing_keys: Create Signing Keys
read:signing_keys: Read Signing Keys
update:signing_keys: Update Signing Keys
create:sso_access_tickets: Create Sso Access Tickets
delete:sso_access_tickets: Delete Sso Access Tickets
read:stats: Read Stats
read:tenant_settings: Read Tenant Settings
update:tenant_settings: Update Tenant Settings
create:token_exchange_profiles: Create Token Exchange Profiles
read:token_exchange_profiles: Read Token Exchange Profiles
update:token_exchange_profiles: Update Token Exchange Profiles
delete:token_exchange_profiles: Delete Token Exchange Profiles
create:user_attribute_profiles: Create User Attribute Profiles
read:user_attribute_profiles: Read User Attribute Profiles
update:user_attribute_profiles: Update User Attribute Profiles
delete:user_attribute_profiles: Delete User Attribute Profiles
read:user_effective_permissions: Read User Effective Permissions
read:user_effective_roles: Read User Effective Roles
read:user_idp_tokens: Read User Idp Tokens
read:user_permission_source_roles: Read User Permission Source Roles
read:user_role_source_groups: Read User Role Source Groups
create:user_tickets: Create User Tickets
create:users: Create Users
read:users: Read Users
update:users: Update Users
delete:users: Delete Users
update:users_app_metadata: Update Users App Metadata
create:vdcs_templates: Create Vdcs Templates
read:vdcs_templates: Read Vdcs Templates
update:vdcs_templates: Update Vdcs Templates
delete:vdcs_templates: Delete Vdcs Templates
````