Name | Type | Description | Notes |
---|---|---|---|
name | String | Source's display Name. | |
slug | String | Internal source name, used in URLs. | |
enabled | Bool | | [optional] |
authenticationFlow | UUID | Flow to use when authenticating existing users. | [optional] |
enrollmentFlow | UUID | Flow to use when enrolling new users. | [optional] |
policyEngineMode | PolicyEngineMode | | [optional] |
userMatchingMode | UserMatchingModeEnum | How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. | [optional] |
userPathTemplate | String | | [optional] |
preAuthenticationFlow | UUID | Flow used before authentication. | |
issuer | String | Also known as Entity ID. Defaults to the Metadata URL. | [optional] |
ssoUrl | String | URL that the initial Login request is sent to. | |
sloUrl | String | Optional URL if your IDP supports Single-Logout. | [optional] |
allowIdpInitiated | Bool | Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. | [optional] |
nameIdPolicy | NameIdPolicyEnum | NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient | [optional] |
bindingType | BindingTypeEnum | | [optional] |
verificationKp | UUID | When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. | [optional] |
signingKp | UUID | Keypair used to sign outgoing Responses going to the Identity Provider. | [optional] |
digestAlgorithm | DigestAlgorithmEnum | | [optional] |
signatureAlgorithm | SignatureAlgorithmEnum | | [optional] |
temporaryUserDeleteAfter | String | Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3). | [optional] |
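
The security notes in the table (`userMatchingMode`, `allowIdpInitiated`, `verificationKp`) can be checked before a payload is submitted. The following is an added example, not code from this project: the function name `audit_saml_source` and the sample payloads are constructed for illustration, and the required-field list assumes that every row without `[optional]` is required.

```python
# Added example: pre-submission review of a SAML source payload.
# Field names and risks come from the table above; the payload values,
# UUIDs and URLs are constructed placeholders.

REQUIRED = ("name", "slug", "preAuthenticationFlow", "ssoUrl")

RISKY_MATCHING = {
    "email_link": "links to an existing user by email address; "
                  "unsafe when the source does not validate email addresses",
    "username_link": "links to an existing user by username; "
                     "unsafe when the username is used with another source",
}


def audit_saml_source(payload):
    """Return a list of (field, finding) tuples for a request payload."""
    findings = []
    for field in REQUIRED:
        if not payload.get(field):
            findings.append((field, "required field is missing or empty"))
    mode = payload.get("userMatchingMode")
    if mode in RISKY_MATCHING:
        findings.append(("userMatchingMode", RISKY_MATCHING[mode]))
    if payload.get("allowIdpInitiated"):
        findings.append(("allowIdpInitiated",
                         "IdP-initiated flows skip request ID validation"))
    if not payload.get("verificationKp"):
        findings.append(("verificationKp",
                         "no certificate set, so assertion signatures "
                         "are not validated"))
    return findings


# Constructed sample: permissive settings.
WEAK = {"name": "Corp IdP", "slug": "corp-idp",
        "preAuthenticationFlow": "00000000-0000-0000-0000-000000000001",
        "ssoUrl": "https://idp.example.test/sso",
        "userMatchingMode": "email_link", "allowIdpInitiated": True}

# Constructed sample: the same source with the stricter choices.
HARDENED = dict(WEAK, userMatchingMode="identifier", allowIdpInitiated=False,
                verificationKp="00000000-0000-0000-0000-000000000002")

if __name__ == "__main__":
    for label, payload in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for field, finding in audit_saml_source(payload):
            print(f"  {field}: {finding}")
```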
This repository has been archived by the owner on Apr 17, 2024. It is now read-only.