> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.
# Refresh Identity Provider attribute mapping
> Refresh the attribute mapping for an Identity Provider specified by ID for this Organization. Mappings are reset to the admin-defined defaults.
export const Scopes = ({scopes = []}) => {
return
Scopes
{"Scopes define permissions and access levels for API requests and authentication tokens."}
;
};
## OpenAPI
````yaml myorganization-api-oas put /identity-providers/{idp_id}/update-attributes
openapi: 3.1.0
info:
title: My Organization API
description: My Organization API
termsOfService: https://auth0.com/web-terms/
version: 1.0.0
license:
name: UNLICENSED
url: https://auth0.com
servers:
- url: https://{tenantDomain}/my-org/v1
variables:
tenantDomain:
default: '{TENANT}.auth0.com'
description: Auth0 Tenant Domain
- url: https://{tenantDomain}/my-org
variables:
tenantDomain:
default: '{TENANT}.auth0.com'
description: Auth0 Tenant Domain
security: []
tags:
- name: config
description: Configuration
x-displayName: Configuration
- name: orgDetails
description: Manage details related to your organization.
x-displayName: Organization Details Management
- name: idpManagement
description: Manage Identity Providers for your Organization.
x-displayName: Identity Provider Management
- name: orgDomainManagement
description: Manage domains related to your organization
x-displayName: Domain Management
- name: orgMemberManagement
description: Manage members related to your organization
x-displayName: Member Management
- name: clientGrantManagement
description: Manage client grants for your organization
x-displayName: Client Grant Management
- name: clientManagement
description: Manage API clients for your organization
x-displayName: Client Management
- name: roles
description: Manage roles for your organization
x-displayName: Roles
paths:
/identity-providers/{idp_id}/update-attributes:
put:
tags:
- idpManagement
summary: Refresh Identity Provider attribute mapping
description: >-
Refresh the attribute mapping for an Identity Provider specified by ID
for this Organization. Mappings are reset to the admin-defined defaults.
operationId: UpdateOrganizationIdentityProviderAttributes
parameters:
- $ref: '#/components/parameters/IdpIdPathParameter'
requestBody:
$ref: '#/components/requestBodies/EmptyBody'
responses:
'200':
$ref: '#/components/responses/GetIdentityProviderResponse'
'400':
$ref: '#/components/responses/ClientErrorBadRequestResponse'
'401':
$ref: '#/components/responses/ClientErrorUnauthorizedResponse'
'403':
$ref: '#/components/responses/ClientErrorInsufficientScopeResponse'
'404':
$ref: '#/components/responses/ClientErrorNotFoundOrgOrIdpResponse'
'429':
$ref: '#/components/responses/ClientErrorTooManyRequestsResponse'
security:
- OAuth2ClientCredentials:
- update:my_org:identity_providers
- OAuth2AuthCode:
- update:my_org:identity_providers
x-codeSamples: []
components:
parameters:
IdpIdPathParameter:
in: path
name: idp_id
required: true
schema:
$ref: '#/components/schemas/IdpId'
requestBodies:
EmptyBody:
content:
application/json:
schema:
type: object
additionalProperties: false
examples: {}
responses:
GetIdentityProviderResponse:
description: Identity provider successfully retrieved.
headers:
X-RateLimit-Limit:
$ref: '#/components/headers/X-RateLimit-Limit'
X-RateLimit-Remaining:
$ref: '#/components/headers/X-RateLimit-Remaining'
X-RateLimit-Reset:
$ref: '#/components/headers/X-RateLimit-Reset'
Retry-After:
$ref: '#/components/headers/Retry-After'
X-Auth0-Error-Kind:
$ref: '#/components/headers/X-Auth0-Error-Kind'
content:
application/json:
schema:
$ref: '#/components/schemas/GetIdentityProviderResponseContent'
examples:
getIdPResponseExample:
$ref: '#/components/examples/GetIdentityProviderResponseExample'
ClientErrorBadRequestResponse:
description: Invalid request body. The message will vary depending on the cause.
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/ErrorResponseContent'
- $ref: '#/components/schemas/ValidationErrorResponseContent'
examples:
errorInvalidJsonExample:
$ref: '#/components/examples/ErrorBadRequestExample'
validationErrorExample:
$ref: '#/components/examples/ErrorValidationExample'
ClientErrorUnauthorizedResponse:
description: 'Unauthorized: token missing, invalid or expired.'
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponseContent'
examples:
errorMissingTokenExample:
$ref: '#/components/examples/ErrorMissingTokenExample'
ClientErrorInsufficientScopeResponse:
description: Insufficient scope.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponseContent'
examples:
errorInsufficientScopeExample:
$ref: '#/components/examples/ErrorInsufficientScopeExample'
ClientErrorNotFoundOrgOrIdpResponse:
description: Resource not found.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponseContent'
examples:
errorOrgNotFoundExample:
$ref: '#/components/examples/ErrorOrgNotFoundExample'
ErrorIdpNotFoundExample:
$ref: '#/components/examples/ErrorIdpNotFoundExample'
ClientErrorTooManyRequestsResponse:
description: >-
Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining
and X-RateLimit-Reset headers.
headers:
X-RateLimit-Limit:
$ref: '#/components/headers/X-RateLimit-Limit'
X-RateLimit-Remaining:
$ref: '#/components/headers/X-RateLimit-Remaining'
X-RateLimit-Reset:
$ref: '#/components/headers/X-RateLimit-Reset'
Retry-After:
$ref: '#/components/headers/Retry-After'
X-Auth0-Error-Kind:
$ref: '#/components/headers/X-Auth0-Error-Kind'
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponseContent'
examples:
errorEndpointRateLimitExample:
$ref: '#/components/examples/ErrorEndpointRateLimitExample'
schemas:
IdpId:
type: string
description: Identity provider identifier.
readOnly: true
pattern: ^con_[A-Za-z0-9]{16}$
GetIdentityProviderResponseContent:
$ref: '#/components/schemas/IdpKnownResponse'
ErrorResponseContent:
type: object
additionalProperties: false
required:
- type
- status
- title
- detail
properties:
type:
type: string
description: A URI that describes the error.
format: uri
status:
type: integer
description: The HTTP status code result of the request.
title:
type: string
description: A brief description of the error.
detail:
type: string
description: A detailed description of the error.
ValidationErrorResponseContent:
type: object
additionalProperties: false
required:
- type
- status
- title
- validation_errors
properties:
type:
type: string
description: A URI that describes the error.
format: uri
status:
type: integer
description: The HTTP status code result of the request.
title:
type: string
description: A brief description of the error.
validation_errors:
type: array
items:
$ref: '#/components/schemas/ValidationErrorDetail'
IdpKnownResponse:
oneOf:
- $ref: '#/components/schemas/IdpAdfsResponse'
- $ref: '#/components/schemas/IdpGoogleAppsResponse'
- $ref: '#/components/schemas/IdpOidcResponse'
- $ref: '#/components/schemas/IdpOktaResponse'
- $ref: '#/components/schemas/IdpPingFederateResponse'
- $ref: '#/components/schemas/IdpSamlpResponse'
- $ref: '#/components/schemas/IdpWaadResponse'
ValidationErrorDetail:
type: object
additionalProperties: false
required:
- detail
properties:
detail:
type: string
description: A detailed description of the error.
field:
type: string
description: The name of the invalid parameter.
pointer:
type: string
description: >-
JSON Pointer that points to the exact location of the error in a
JSON document being validated.
source:
type: string
description: >-
Specifies the source of the error (e.g., body, query, or header in
an HTML message).
IdpAdfsResponse:
title: IdP ADFS Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: adfs
options:
$ref: '#/components/schemas/IdpAdfsOptionsResponse'
description: Identity provider specific options.
required:
- strategy
- options
type: object
unevaluatedProperties: false
IdpGoogleAppsResponse:
title: IdP Google Workforce Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: google-apps
options:
$ref: '#/components/schemas/IdpGoogleAppsOptionsResponse'
description: Identity provider specific options.
required:
- strategy
- options
type: object
unevaluatedProperties: false
IdpOidcResponse:
title: IdP OIDC Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: oidc
options:
$ref: '#/components/schemas/IdpOidcOptionsResponse'
description: Identity provider specific options.
attributes:
type: array
items:
$ref: '#/components/schemas/IdpUserAttributeMapItem'
required:
- strategy
- options
- attributes
type: object
unevaluatedProperties: false
IdpOktaResponse:
title: IdP Okta Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: okta
options:
$ref: '#/components/schemas/IdpOktaOptionsResponse'
description: Identity provider specific options.
attributes:
type: array
items:
$ref: '#/components/schemas/IdpUserAttributeMapItem'
required:
- strategy
- options
- attributes
type: object
unevaluatedProperties: false
IdpPingFederateResponse:
title: IdP Ping Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: pingfederate
options:
$ref: '#/components/schemas/IdpPingFederateOptionsResponse'
description: Identity provider specific options.
required:
- strategy
- options
type: object
unevaluatedProperties: false
IdpSamlpResponse:
title: IdP SAML Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: samlp
options:
$ref: '#/components/schemas/IdpSamlpOptionsResponse'
description: Identity provider specific options.
attributes:
type: array
items:
$ref: '#/components/schemas/IdpUserAttributeMapItem'
required:
- strategy
- options
- attributes
type: object
unevaluatedProperties: false
IdpWaadResponse:
title: IdP Microsoft Azure AD Response
description: Identity provider specific options.
allOf:
- $ref: '#/components/schemas/IdpBaseResponse'
- type: object
properties:
strategy:
const: waad
options:
$ref: '#/components/schemas/IdpWaadOptionsResponse'
description: Identity provider specific options.
required:
- strategy
- options
type: object
unevaluatedProperties: false
IdpBaseResponse:
allOf:
- type: object
properties:
id:
$ref: '#/components/schemas/IdpId'
name:
type:
- string
- 'null'
description: The name of the identity provider
maxLength: 128
strategy:
$ref: '#/components/schemas/IdpStrategyEnum'
domains:
type: array
description: List of domains for Home Realm Discovery (HRD)
items:
type: string
display_name:
type: string
description: Identity provider name used on the login screen.
minLength: 1
maxLength: 128
show_as_button:
type: boolean
description: >-
Enables showing a button for the connection in the login page
(new experience only). If false, it will be usable only by Home
Realm Discovery (HRD).
assign_membership_on_login:
type: boolean
description: >-
If true, the user will be made a member of the organization upon
login.
is_enabled:
type: boolean
description: True if the identity provider is enabled for the organization.
access_level:
$ref: '#/components/schemas/OrganizationAccessLevelEnum'
readOnly: true
required:
- strategy
IdpAdfsOptionsResponse:
type: object
oneOf:
- title: adfs_server
type: object
properties:
adfs_server:
type: string
description: >-
The adfs_server is the public-facing URL that relying parties
and internal clients use to communicate with an ADFS server for
authentication and token issuance
additionalProperties: false
- title: fedMetadataXml
type: object
properties:
fedMetadataXml:
type: string
description: >-
A Federation Metadata XML file in ADFS is a crucial document
that serves as a blueprint for establishing trust between an
ADFS server and other relying parties that want to consume
identity information from ADFS.
additionalProperties: false
IdpGoogleAppsOptionsResponse:
type: object
properties:
domain:
type: string
description: Google Workspace domain name for your organization.
client_id:
type: string
description: Unique identifier for your registered Google application.
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
IdpOidcOptionsResponse:
type: object
properties:
type:
$ref: '#/components/schemas/IdpOidcOptionsTypeEnum'
client_id:
type: string
description: >-
The identifier given to you by your provider. Unique identifier for
your registered application.
discovery_url:
type: string
description: >-
The URL where the OIDC Identity Provider publishes its OpenID
Provider Configuration Information
additionalProperties: false
IdpUserAttributeMapItem:
type: object
allOf:
- $ref: '#/components/schemas/BaseUserAttributeMapItem'
- type: object
properties:
sso_field:
type: array
items:
type: string
description: The name(s) of the sso field.
required:
- sso_field
unevaluatedProperties: false
IdpOktaOptionsResponse:
type: object
properties:
domain:
type: string
description: Okta's domain name for your organization.
client_id:
type: string
description: Unique identifier for your registered Okta application
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
IdpPingFederateOptionsResponse:
type: object
properties:
signatureAlgorithm:
$ref: '#/components/schemas/IdpSignAlgTypeEnum'
digestAlgorithm:
$ref: '#/components/schemas/IdpSignAlgDigestTypeEnum'
signSAMLRequest:
type: boolean
description: >-
Indicates whether PingFederate should digitally sign outgoing SAML
authentication requests to relying parties
pingFederateBaseUrl:
type: string
description: >-
URL provided by PingFederate which returns information used for
creating the connection
cert:
type: string
description: >-
A value derived from decoding the signingCert. This should not be
updated directly, instead update the signingCertificate to decode a
new value for this field
readOnly: true
idpInitiated:
$ref: '#/components/schemas/IdpOptionsIdpInitiated'
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
IdpSamlpOptionsResponse:
oneOf:
- title: automatic
type: object
properties:
metadataUrl:
type: string
description: >-
URL provided by SAML provider which returns information used for
creating the connection
signSAMLRequest:
type: boolean
description: When enabled, the SAML authentication request will be signed.
signatureAlgorithm:
$ref: '#/components/schemas/IdpSignAlgTypeEnum'
digestAlgorithm:
$ref: '#/components/schemas/IdpSignAlgDigestTypeEnum'
protocolBinding:
$ref: '#/components/schemas/IdpProtocolBindingTypeEnum'
bindingMethod:
type: string
description: >-
Defines the specific HTTP binding used for sending SAML
messages.
cert:
type: string
description: >-
Signing certificate (encoded in PEM or CER) you retrieved from
the IdP
idpInitiated:
$ref: '#/components/schemas/IdpOptionsIdpInitiated'
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
- title: manual
type: object
properties:
signInEndpoint:
type: string
description: The endpoint URL for the IdP sign-in
cert:
type: string
description: >-
Signing certificate (encoded in PEM or CER) you retrieved from
the IdP
signSAMLRequest:
type: boolean
description: When enabled, the SAML authentication request will be signed.
signatureAlgorithm:
$ref: '#/components/schemas/IdpSignAlgTypeEnum'
digestAlgorithm:
$ref: '#/components/schemas/IdpSignAlgDigestTypeEnum'
protocolBinding:
$ref: '#/components/schemas/IdpProtocolBindingTypeEnum'
bindingMethod:
type: string
description: >-
Defines the specific HTTP binding used for sending SAML
messages.
idpInitiated:
$ref: '#/components/schemas/IdpOptionsIdpInitiated'
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
IdpWaadOptionsResponse:
type: object
properties:
tenant_domain:
type: string
description: >-
Your Azure AD domain name. You can find this on your Azure AD
directory's overview page in the Microsoft Azure portal.
client_id:
type: string
description: Unique identifier for your registered Azure AD application.
icon_url:
type: string
description: >-
A URL pointing to an image file that represents your client
application.
additionalProperties: false
IdpStrategyEnum:
type: string
description: The type of the identity provider
enum:
- adfs
- google-apps
- oidc
- okta
- pingfederate
- samlp
- waad
OrganizationAccessLevelEnum:
type: string
description: ''
enum:
- none
- readonly
- limited
- full
IdpOidcOptionsTypeEnum:
type: string
description: >-
Select whether authentication exchanges occur via server-to-server
communication (Back Channel) or through the browser using Implicit Flow
with Form Post (Front Channel)
enum:
- front_channel
- back_channel
BaseUserAttributeMapItem:
type: object
properties:
user_attribute:
type: string
description: The name of the user attribute.
description:
type: string
description: The description of the user attribute.
label:
type: string
description: The label of the user attribute.
is_required:
type: boolean
description: Indicates if the attribute is required.
is_extra:
type: boolean
description: >-
Indicates whether this attribute is not part of the admin defined
schema but is provided by the source. The property will be removed
when a refresh operation is performed.
is_missing:
type: boolean
description: >-
Indicates whether this attribute is expected but not provided by the
admin defined schema. The property will be added when a refresh
operation is performed.
required:
- is_required
- is_extra
- is_missing
IdpSignAlgTypeEnum:
type: string
description: Select the algorithm used for signing
enum:
- rsa-sha256
- rsa-sha1
IdpSignAlgDigestTypeEnum:
type: string
description: Select the algorithm digest used for signing
enum:
- sha256
- sha1
IdpOptionsIdpInitiated:
type: object
description: >-
An object containing configuration details for Identity Provider (IdP)
initiated single sign-on flows
properties:
enabled:
type: boolean
description: >-
A flag indicating whether IdP-initiated SSO is enabled for this
connection
client_id:
type: string
description: >-
The client ID of your default application for which the
IdP-initiated flow is being configured
client_protocol:
type: string
description: >-
This is the protocol used to connect your selected default
application
client_authorizequery:
type: string
description: >-
This field represents a template for constructing the authorization
query string when initiating an IdP-initiated flow to a specific
client
IdpProtocolBindingTypeEnum:
type: string
description: HTTP binding supported by the IdP.
enum:
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
headers:
X-RateLimit-Limit:
description: The number of allowed requests in the current rate limit window.
schema:
type: integer
X-RateLimit-Remaining:
description: The number of remaining requests in the current rate limit window.
schema:
type: integer
X-RateLimit-Reset:
description: The Unix timestamp indicating when the current rate limit window resets.
schema:
type: integer
Retry-After:
description: >-
The number of seconds the client should wait before making a new
request.
schema:
type: integer
X-Auth0-Error-Kind:
description: >-
An indicator that the rate limit exceeded a is global (per tenant)
limit.
schema:
type: string
enum:
- global-rate-limit
examples:
GetIdentityProviderResponseExample:
value:
id: con_zW1UHutvkVWSWdCC
name: oidcIdp
display_name: OIDC IdP
strategy: oidc
show_as_button: true
assign_membership_on_login: false
access_level: readonly
domains:
- mydomain.com
is_enabled: true
options:
type: front_channel
client_id: a8f3b2e7-5d1c-4f9a-8b0d-2e1c3a5b6f7d
discovery_url: https://{yourDomain}/.well-known/openid-configuration
attributes:
- sso_field:
- userName
user_attribute: preferred_username
description: Preferred Username
label: Preferred username
is_required: true
is_extra: false
is_missing: false
- sso_field:
- externalId
user_attribute: external_id
is_required: true
is_extra: true
is_missing: false
ErrorBadRequestExample:
value:
type: https://auth0.com/api-errors#A0E-400-0001
status: 400
title: Bad Request
detail: The request is invalid.
ErrorValidationExample:
value:
type: https://auth0.com/api-errors#A0E-400-0003
status: 400
title: Validation Error
validation_errors:
- detail: is required
field: data/property_name
pointer: /property_name
source: params
ErrorMissingTokenExample:
value:
type: https://auth0.com/api-errors#A0E-401-0002
status: 401
title: Missing Token
detail: No auth token provided.
ErrorInsufficientScopeExample:
value:
type: https://auth0.com/api-errors#A0E-403-0002
status: 403
title: Insufficient Scope
detail: >-
The auth token lacks the required scope: Check the API documentation
for the required scopes for this endpoint.
ErrorOrgNotFoundExample:
value:
type: https://auth0.com/api-errors#A0E-404-0002
status: 404
title: Resource Not Found
detail: The organization does not exist.
ErrorIdpNotFoundExample:
value:
type: https://auth0.com/api-errors#A0E-404-0002
status: 404
title: Resource Not Found
detail: The IdP does not exist.
ErrorEndpointRateLimitExample:
value:
type: https://auth0.com/api-errors#A0E-429-0003
status: 429
title: Endpoint Rate Limit Exceeded
detail: The endpoint request limit has been exceeded.
securitySchemes:
OAuth2ClientCredentials:
type: oauth2
flows:
clientCredentials:
tokenUrl: /oauth/token
x-form-parameters:
audience: /myorg-api/v1/
scopes:
read:my_org:configuration: Read organization configuration
read:my_org:details: Read organization details
update:my_org:details: Update organization details
read:my_org:identity_providers: Read identity providers for organization
create:my_org:identity_providers: Create identity provider for organization
update:my_org:identity_providers: Update identity provider for organization
delete:my_org:identity_providers: Delete identity provider for organization
update:my_org:identity_providers_detach: Detach identity provider from organization
create:my_org:identity_providers_domains: Associate organization domain with identity provider
delete:my_org:identity_providers_domains: Remove organization domain from identity provider
create:my_org:domains: Create domain for organization
read:my_org:domains: Read domains for organization
update:my_org:domains: Update domain for organization
delete:my_org:domains: Delete domain for organization
create:my_org:identity_providers_provisioning: Create provisioning configuration for identity provider
update:my_org:identity_providers_provisioning: Update provisioning configuration for identity provider
read:my_org:identity_providers_provisioning: Read provisioning configuration for identity provider
delete:my_org:identity_providers_provisioning: Delete provisioning configuration for identity provider
create:my_org:identity_providers_scim_tokens: Create a provisioning SCIM token for this identity provider
read:my_org:identity_providers_scim_tokens: List the provisioning SCIM tokens for this identity provider
delete:my_org:identity_providers_scim_tokens: Delete a provisioning SCIM configuration for an identity provider
read:my_org:member_invitations: List member invitations for organization
create:my_org:member_invitations: Create member invitations for organization
delete:my_org:member_invitations: Delete member invitations for organization
read:my_org:members: List members for organization
delete:my_org:memberships: Delete members from organization without deleting underlying users
read:my_org:member_roles: List Roles for members in organization
create:my_org:member_roles: Create Roles for members in organization
delete:my_org:member_roles: Delete Roles from members for organization
create:my_org:client_grants: Create client grants for client in organization
create:my_org:clients: Create API clients for organization
read:my_org:clients: Read API clients for organization
delete:my_org:clients: Delete API clients for organization
read:my_org:permissions: Read permissions for a user
OAuth2AuthCode:
type: oauth2
flows:
authorizationCode:
authorizationUrl: /authorize
tokenUrl: /oauth/token
x-form-parameters:
audience: /myorg-api/v1/
scopes:
read:my_org:configuration: Read organization configuration
read:my_org:details: Read organization details
update:my_org:details: Update organization details
read:my_org:identity_providers: Read identity providers for organization
create:my_org:identity_providers: Create identity provider for organization
update:my_org:identity_providers: Update identity provider for organization
delete:my_org:identity_providers: Delete identity provider for organization
update:my_org:identity_providers_detach: Detach identity provider from organization
create:my_org:identity_providers_domains: Associate organization domain with identity provider
delete:my_org:identity_providers_domains: Remove organization domain from identity provider
create:my_org:domains: Create domain for organization
read:my_org:domains: Read domains for organization
update:my_org:domains: Update domain for organization
delete:my_org:domains: Delete domain for organization
create:my_org:identity_providers_provisioning: Create provisioning configuration for identity provider
update:my_org:identity_providers_provisioning: Update provisioning configuration for identity provider
read:my_org:identity_providers_provisioning: Read provisioning configuration for identity provider
delete:my_org:identity_providers_provisioning: Delete provisioning configuration for identity provider
create:my_org:identity_providers_scim_tokens: Create a provisioning SCIM token for this identity provider
read:my_org:identity_providers_scim_tokens: List the provisioning SCIM tokens for this identity provider
delete:my_org:identity_providers_scim_tokens: Delete a provisioning SCIM configuration for an identity provider
read:my_org:member_invitations: List member invitations for organization
create:my_org:member_invitations: Create member invitations for organization
delete:my_org:member_invitations: Delete member invitations for organization
read:my_org:members: List members for organization
delete:my_org:memberships: Delete members from organization without deleting underlying users
read:my_org:member_roles: List Roles for members in organization
create:my_org:member_roles: Create Roles for members in organization
delete:my_org:member_roles: Delete Roles from members for organization
create:my_org:client_grants: Create client grants for client in organization
create:my_org:clients: Create API clients for organization
read:my_org:clients: Read API clients for organization
delete:my_org:clients: Delete API clients for organization
read:my_org:permissions: Read permissions for a user
````