
Identity providers

You can use a JSON web token (JWT) as an OAuth access token to log in to Informatica Intelligent Cloud Services. To log in using a JWT access token, your organization must have a registered identity provider. Use the IdentityProviders resource to register and manage your identity provider.
You can use the IdentityProviders resource to accomplish the following tasks:

Registering an identity provider

Use a POST request to register an identity provider.
Note: An organization can have no more than one registered identity provider.

POST request

To register an identity provider for an organization, use the following URI:
/public/core/v3/Orgs/<orgId>/IdentityProviders
Include the following fields in the request:
| Field | Type | Required | Description |
|---|---|---|---|
| type | String | Yes | Type of identity provider. Supported type is OIDC. |
| endPoints | Object | Yes | Object that includes the URLs for the identity provider issuer and the JWT tokens. |
| issuer | String | Yes | Include in the endPoints object. Absolute URL of the identity provider issuer. Must use the same HTTPS scheme as the key URL and be a subset of the key URL. Maximum length is 255 characters. |
| keys | String | Yes | Include in the endPoints object. Absolute URL of the JWT tokens. Must use the same HTTPS scheme as the issuer URL. Maximum length is 255 characters. |
| accountPolicy | Object | Yes | Object that defines the account policy. |
| link | String | Yes | Include in the accountPolicy object. Object that includes properties for identifying the user. |
| tokenClaim | String | - | Include in the link object. Name of the claim to be used to identify the user for JWT validation. Default is sub. Maximum length is 64 characters. |
| matchType | String | Yes | Include in the link object. The Informatica Cloud attribute name to identify the Informatica Intelligent Cloud Services user. Use one of the following values: aliasName, uid. Maximum length is 64 characters. |
| signingAlgorithm | String | - | Token signing algorithm. Use one of the following values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES412, PS256, PS384, PS512, EdDSA, ES256K. Default is RS256. |

POST request example

You might use a request similar to the following example:
https://dm-us.informaticacloud.com/saas/public/core/v3/Orgs/ppbg1kOl2Jo13b/IdentityProviders
{
  "type": "OIDC",
  "endPoints": {
    "issuer": "https://myidp.mycompany.com/oauth2/",
    "keys": "https://myidp.mycompany.com/oauth2/keys"
  },
  "accountPolicy": {
    "link": {
      "tokenClaim": "sub",
      "matchType": "uid"
    }
  },
  "signingAlgorithm": "HS256"
}
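A pre-flight check of a registration body against the field constraints in the POST request table above. This is an added example, not Informatica code: validate_registration is a hypothetical helper, and reading "subset of the key URL" as "string prefix of the key URL" is an assumption.

```python
from urllib.parse import urlsplit

# Allowed values copied from the field table on this page (ES412 as listed there).
MATCH_TYPES = {"aliasName", "uid"}
SIGNING_ALGORITHMS = set(("HS256 HS384 HS512 RS256 RS384 RS512 ES256 "
                          "ES384 ES412 PS256 PS384 PS512 EdDSA ES256K").split())

def validate_registration(body):
    """Hypothetical helper: list violations of the documented constraints."""
    errors = []
    if body.get("type") != "OIDC":
        errors.append("type must be OIDC")
    end_points = body.get("endPoints") or {}
    issuer, keys = end_points.get("issuer"), end_points.get("keys")
    for name, url in (("issuer", issuer), ("keys", keys)):
        if not isinstance(url, str) or len(url) > 255:
            errors.append(f"endPoints.{name} must be a string of at most 255 characters")
        elif urlsplit(url).scheme != "https" or not urlsplit(url).netloc:
            errors.append(f"endPoints.{name} must be an absolute HTTPS URL")
    # Assumption: "subset of the key URL" is read as "string prefix of it".
    if isinstance(issuer, str) and isinstance(keys, str) and not keys.startswith(issuer):
        errors.append("endPoints.issuer is not a prefix of endPoints.keys")
    link = (body.get("accountPolicy") or {}).get("link") or {}
    if link.get("matchType") not in MATCH_TYPES:
        errors.append("link.matchType must be aliasName or uid")
    claim = link.get("tokenClaim", "sub")  # "sub" is the documented default
    if not isinstance(claim, str) or not claim or len(claim) > 64:
        errors.append("link.tokenClaim must be a string of 1 to 64 characters")
    if body.get("signingAlgorithm", "RS256") not in SIGNING_ALGORITHMS:
        errors.append("signingAlgorithm is not a documented value")
    return errors

# Constructed samples: the page's POST example and a body with four mistakes.
GOOD = {
    "type": "OIDC", "signingAlgorithm": "HS256",
    "endPoints": {"issuer": "https://myidp.mycompany.com/oauth2/",
                  "keys": "https://myidp.mycompany.com/oauth2/keys"},
    "accountPolicy": {"link": {"tokenClaim": "sub", "matchType": "uid"}},
}
BAD = {
    "type": "OIDC", "signingAlgorithm": "none",
    "endPoints": {"issuer": "http://myidp.mycompany.com/oauth2/",
                  "keys": "https://keys.example.com/jwks"},
    "accountPolicy": {"link": {"matchType": "email"}},
}

if __name__ == "__main__":
    print(validate_registration(GOOD), validate_registration(BAD), sep="\n")
```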

POST response

If unsuccessful, returns an error object. If successful, returns the following information:
| Field | Type | Description |
|---|---|---|
| id | String | User ID. |
| orgId | String | ID of the organization the user belongs to. |
| type | String | Type of identity provider. Supported type is OIDC. |
| endPoints | Object | Object that includes the URLs for the identity provider issuer and the JWT tokens. |
| issuer | String | Included in the endPoints object. Absolute URL of the identity provider issuer. |
| keys | String | Included in the endPoints object. Absolute URL of the JWT tokens. |
| accountPolicy | Object | Object that defines the account policy. |
| link | String | Included in the accountPolicy object. Object that includes properties for identifying the user. |
| tokenClaim | String | Included in the link object. Name of the claim to be used to identify the user for JWT validation. |
| matchType | String | Included in the link object. The Informatica Cloud attribute name to identify the Informatica Intelligent Cloud Services user. |
| signingAlgorithm | String | Token signing algorithm. |
| createTime | String | When the identity provider was registered. |
| createdBy | String | Informatica Intelligent Cloud Services user who registered the identity provider. |
| updateTime | String | When the identity provider was last updated. |
| updatedBy | String | Informatica Intelligent Cloud Services user who last updated the identity provider. |

POST response example

If successful, you might receive a response similar to the following example:
{
  "id": "4aoljyi4ppbg1kOl2Jo13b",
  "orgId": "ppbg1kOl2Jo13b",
  "type": "OIDC",
  "endPoints": {
    "issuer": "https://myidp.mycompany.com/oauth2/",
    "keys": "https://myidp.mycompany.com/oauth2/keys"
  },
  "accountPolicy": {
    "link": {
      "tokenClaim": "sub",
      "matchType": "uid"
    }
  },
  "signingAlgorithm": "HS256",
  "createTime": "2019-03-06T22:04:00.000Z",
  "createdBy": "a@abc.com",
  "updateTime": "2019-03-06T22:04:00.000Z",
  "updatedBy": "a@abc.com"
}

Getting identity provider details

Use a GET request to get the information about an identity provider.

GET request

To get information about the identity provider for an organization, use the following URI:
/public/core/v3/Orgs/<orgId>/IdentityProviders

GET response

If unsuccessful, returns an error object. If successful, returns the following information for the identity provider:
| Field | Type | Description |
|---|---|---|
| id | String | User ID. |
| orgId | String | ID of the organization the user belongs to. |
| type | String | Type of identity provider. Supported type is OIDC. |
| endPoints | Object | Object that includes the URLs for the identity provider issuer and the JWT tokens. |
| issuer | String | Included in the endPoints object. Absolute URL of the identity provider issuer. |
| keys | String | Included in the endPoints object. Absolute URL of the JWT tokens. |
| accountPolicy | Object | Object that defines the account policy. |
| link | String | Included in the accountPolicy object. Object that includes properties for identifying the user. |
| tokenClaim | String | Included in the link object. Name of the claim to be used to identify the user for JWT validation. Default is sub. |
| matchType | String | Included in the link object. The Informatica Cloud attribute name to identify the Informatica Intelligent Cloud Services user. |
| signingAlgorithm | String | Token signing algorithm. |
| createTime | String | When the identity provider was registered. |
| createdBy | String | Informatica Intelligent Cloud Services user who registered the identity provider. |
| updateTime | String | When the identity provider was last updated. |
| updatedBy | String | Informatica Intelligent Cloud Services user who last updated the identity provider. |

GET response example

If successful, you might receive a response similar to the following example:
[
  {
    "id": "4aoljyi4ppbg1kOl2Jo13b",
    "orgId": "ppbg1kOl2Jo13b",
    "type": "OIDC",
    "endPoints": {
      "issuer": "https://myidp.mycompany.com/oauth2/",
      "keys": "https://myidp.mycompany.com/oauth2/keys"
    },
    "accountPolicy": {
      "link": {
        "tokenClaim": "sub",
        "matchType": "aliasName"
      }
    },
    "signingAlgorithm": "HS256",
    "createTime": "2019-03-06T22:04:00.000Z",
    "createdBy": "a@abc.com",
    "updateTime": "2019-03-06T22:04:00.000Z",
    "updatedBy": "a@abc.com"
  }
]

Updating an identity provider

Use a PUT request to update an identity provider.

PUT request

To update an identity provider, use the following URI:
/public/core/v3/Orgs/<orgId>/IdentityProviders/<identity provider ID>
You can include the following fields in the request:
| Field | Type | Required | Description |
|---|---|---|---|
| endPoints | Object | Yes | Object that includes the URLs for the identity provider issuer and the JWT tokens. |
| issuer | String | Yes | Include in the endPoints object. Absolute URL of the identity provider issuer. Must use the same HTTPS scheme as the key URL and be a subset of the key URL. Maximum length is 255 characters. |
| keys | String | Yes | Include in the endPoints object. Absolute URL of the JWT tokens. Must use the same HTTPS scheme as the issuer URL. Maximum length is 255 characters. |
| accountPolicy | Object | Yes | Object that defines the account policy. |
| link | String | Yes | Include in the accountPolicy object. Object that includes properties for identifying the user. |
| tokenClaim | String | - | Include in the link object. Name of the claim to be used to identify the user for JWT validation. Default is sub. Maximum length is 64 characters. |
| matchType | String | Yes | Include in the link object. The Informatica Cloud attribute name to identify the Informatica Intelligent Cloud Services user. Use one of the following values: aliasName, uid. Maximum length is 64 characters. |
| signingAlgorithm | String | - | Token signing algorithm. Use one of the following values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES412, PS256, PS384, PS512, EdDSA, ES256K. Default is RS256. |
Returns the 204 response code if successful. Returns an error object if errors occur.

PUT request example

You might send a request similar to the following example:
https://dm-us.informaticacloud.com/saas/public/core/v3/Orgs/ppbg1kOl2Jo13b/IdentityProviders/6qnnXazBltUbOcUTYgyWO1
{
  "endPoints": {
    "issuer": "https://myidp.mycompany.com/oauth2/",
    "keys": "https://myidp.mycompany.com/oauth2/keys"
  },
  "accountPolicy": {
    "link": {
      "tokenClaim": "user",
      "matchType": "uid"
    }
  },
  "signingAlgorithm": "RS512"
}

Deleting an identity provider

To delete an identity provider, include the identity provider ID in a DELETE request.
To delete an identity provider, use the following URI:
/public/core/v3/Orgs/<orgId>/IdentityProviders/<identity provider ID>
For example,
DELETE https://dm-us.informaticacloud.com/saas/public/core/v3/Orgs/ppbg1mOj8Jo14c/IdentityProviders/6qnnXdzBdtUbObUTYhyWO1
Returns the 204 response code if successful. Returns an error object if errors occur.