PingOne Platform APIs

Create Identity Provider (Microsoft)

   

POST {{apiPath}}/environments/{{envID}}/identityProviders

The POST {{apiPath}}/environments/{{envID}}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to MICROSOFT, Microsoft’s clientId and clientSecret property values are required in the request body. The tenantId property is required if Entra ID is enabled.

Prerequisites

Request Model

Microsoft identity provider settings data model

Property Type Required?

clientId

String

Required

clientSecret

String

Required

tenantId

String

Optional

Microsoft core attributes

Property Description

id

A string that specifies the core Microsoft attribute. The default value is ${providerAttributes.id} and the default update value is EMPTY_ONLY.

Microsoft provider attributes

Permission Provider attributes

OpenID Connect scopes: openid, email

email

User:Read

Options are: displayName, surname, givenName, id, userPrincipalName, businessPhones, jobTitle, mail, officeLocation, postalCode, mainNickname

Refer to Base IdP data model for the properties available to all of the supported identity providers.

Although the businessPhones Microsoft attribute represents a string collection, only one phone number can be set for this property.

Query parameters
Parameter Description

expand

When equal to attributes, shows the details for the core attribute mapping created by the request.

Example: POST {{apiPath}}/environments/{{envID}}/identityProviders?expand=attributes

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "description": "Microsoft Provider",
    "enabled": true,
    "name": "MicrosoftIdP",
    "type": "MICROSOFT",
    "clientId": "MICROSOFT_ID",
    "clientSecret": "MICROSOFT_SECRET"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

# Create a Microsoft identity provider in a PingOne environment.
#
# {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
# placeholders. Once real values are substituted, the bearer token and the
# client secret travel as command-line arguments, so they can be recorded in
# shell history and are visible in the process list while curl runs.
idp_payload='{
    "description": "Microsoft Provider",
    "enabled": true,
    "name": "MicrosoftIdP",
    "type": "MICROSOFT",
    "clientId": "MICROSOFT_ID",
    "clientSecret": "MICROSOFT_SECRET"
}'

# --globoff keeps curl from interpreting braces in the URL as glob patterns.
curl --location --globoff \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer {{accessToken}}' \
  --data "$idp_payload" \
  '{{apiPath}}/environments/{{envID}}/identityProviders'
// Creates a Microsoft identity provider in a PingOne environment (RestSharp).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders; load the real token and client secret from configuration or a
// secret store instead of embedding them in source.
var clientOptions = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
  // NOTE(review): -1 looks like "no request timeout" - confirm for the RestSharp version in use.
  MaxTimeout = -1,
};
var restClient = new RestClient(clientOptions);

var createRequest = new RestRequest("", Method.Post);
createRequest.AddHeader("Content-Type", "application/json");
createRequest.AddHeader("Authorization", "Bearer {{accessToken}}");

// The JSON document is assembled line by line and joined with "\n".
var jsonBody = string.Join("\n", new[]
{
  @"{",
  @"    ""description"": ""Microsoft Provider"",",
  @"    ""enabled"": true,",
  @"    ""name"": ""MicrosoftIdP"",",
  @"    ""type"": ""MICROSOFT"",",
  @"    ""clientId"": ""MICROSOFT_ID"",",
  @"    ""clientSecret"": ""MICROSOFT_SECRET""",
  @"}",
});
createRequest.AddStringBody(jsonBody, DataFormat.Json);

RestResponse createResponse = await restClient.ExecuteAsync(createRequest);

// The documented 201 response echoes clientSecret, so this line writes the
// secret to the console; avoid sending it to shared logs.
Console.WriteLine(createResponse.Content);
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

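// main sends the Create Identity Provider (Microsoft) request to PingOne and
// prints the response body.
//
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders. In real code, read the bearer token and the client secret from
// the environment or a secret store rather than compiling them into the binary.
func main() {
	url := "{{apiPath}}/environments/{{envID}}/identityProviders"
	method := "POST"

	payload := strings.NewReader(`{
    "description": "Microsoft Provider",
    "enabled": true,
    "name": "MicrosoftIdP",
    "type": "MICROSOFT",
    "clientId": "MICROSOFT_ID",
    "clientSecret": "MICROSOFT_SECRET"
}`)

	// A zero-value http.Client has no timeout; bound the call so a stalled
	// connection cannot hang the program indefinitely.
	client := &http.Client{Timeout: 30 * time.Second}

	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Authorization", "Bearer {{accessToken}}")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// The documented success status is 201 Created; report anything else
	// explicitly instead of printing an error payload as if it were the result.
	if res.StatusCode != http.StatusCreated {
		fmt.Printf("unexpected status %s: %s\n", res.Status, body)
		return
	}

	// The documented 201 response echoes clientSecret, so this prints the
	// secret; keep the output away from shared logs.
	fmt.Println(string(body))
}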
POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "description": "Microsoft Provider",
    "enabled": true,
    "name": "MicrosoftIdP",
    "type": "MICROSOFT",
    "clientId": "MICROSOFT_ID",
    "clientSecret": "MICROSOFT_SECRET"
}
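// Creates a Microsoft identity provider in a PingOne environment (OkHttp).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders; load the real token and client secret from configuration or a
// secret store instead of embedding them in source.
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
String json = "{\n"
  + "    \"description\": \"Microsoft Provider\",\n"
  + "    \"enabled\": true,\n"
  + "    \"name\": \"MicrosoftIdP\",\n"
  + "    \"type\": \"MICROSOFT\",\n"
  + "    \"clientId\": \"MICROSOFT_ID\",\n"
  + "    \"clientSecret\": \"MICROSOFT_SECRET\"\n"
  + "}";
RequestBody body = RequestBody.create(mediaType, json);
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
// try-with-resources closes the response so its connection is released
// even when the status check below fails.
try (Response response = client.newCall(request).execute()) {
  // The documented success status is 201 Created. The response body echoes
  // clientSecret, so do not write it to shared logs when handling it.
  if (response.code() != 201) {
    throw new IllegalStateException("Unexpected HTTP status: " + response.code());
  }
}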
// Creates a Microsoft identity provider in a PingOne environment (jQuery).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders. If this runs in a browser page, the bearer token and the client
// secret are readable by anyone who can view the page source or network
// traffic from that browser, so administrative calls like this one belong in
// server-side code.
var idpDefinition = {
  description: "Microsoft Provider",
  enabled: true,
  name: "MicrosoftIdP",
  type: "MICROSOFT",
  clientId: "MICROSOFT_ID",
  clientSecret: "MICROSOFT_SECRET"
};

var settings = {
  url: "{{apiPath}}/environments/{{envID}}/identityProviders",
  method: "POST",
  // 0 means jQuery applies no timeout to the request.
  timeout: 0,
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  data: JSON.stringify(idpDefinition)
};

// The documented 201 response echoes clientSecret, so this logs the secret
// to the console.
$.ajax(settings).done((response) => {
  console.log(response);
});
// Creates a Microsoft identity provider in a PingOne environment (Node.js).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders; read the real token and client secret from the environment or
// a secret store instead of committing them.
// NOTE(review): the `request` package has been deprecated by its maintainers;
// consider a maintained HTTP client for new code.
var request = require('request');

var idpDefinition = {
  description: "Microsoft Provider",
  enabled: true,
  name: "MicrosoftIdP",
  type: "MICROSOFT",
  clientId: "MICROSOFT_ID",
  clientSecret: "MICROSOFT_SECRET"
};

var options = {
  method: 'POST',
  url: '{{apiPath}}/environments/{{envID}}/identityProviders',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify(idpDefinition)
};

request(options, (error, response) => {
  if (error) throw new Error(error);
  // The documented 201 response echoes clientSecret, so this logs the secret.
  console.log(response.body);
});
import requests
import json

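# Creates a Microsoft identity provider in a PingOne environment.
# {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
# placeholders; read the real token and client secret from the environment or a
# secret store instead of committing them.
url = "{{apiPath}}/environments/{{envID}}/identityProviders"

payload = json.dumps({
  "description": "Microsoft Provider",
  "enabled": True,
  "name": "MicrosoftIdP",
  "type": "MICROSOFT",
  "clientId": "MICROSOFT_ID",
  "clientSecret": "MICROSOFT_SECRET"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

# requests applies no timeout unless one is given; without it a stalled
# connection blocks the script indefinitely.
response = requests.request("POST", url, headers=headers, data=payload, timeout=30)

# The documented success status is 201 Created; flag anything else so an error
# payload is not mistaken for the created resource.
if response.status_code != 201:
  print(f"Unexpected HTTP status: {response.status_code}")

# The documented 201 response echoes clientSecret, so this prints the secret;
# keep the output away from shared logs.
print(response.text)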
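<?php
// Creates a Microsoft identity provider in a PingOne environment (HTTP_Request2).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders; read the real token and client secret from configuration or a
// secret store instead of committing them.
require_once 'HTTP/Request2.php';

$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));

// Build the body with json_encode: a single-quoted PHP string does not expand
// \n, so a hand-written literal with \n sequences would send backslash-n
// characters between the JSON tokens and produce an invalid document.
$request->setBody(json_encode(array(
  'description' => 'Microsoft Provider',
  'enabled' => true,
  'name' => 'MicrosoftIdP',
  'type' => 'MICROSOFT',
  'clientId' => 'MICROSOFT_ID',
  'clientSecret' => 'MICROSOFT_SECRET'
)));

try {
  $response = $request->send();
  $status = $response->getStatus();
  // The documented success status is 201 Created, so accept any 2xx rather
  // than only 200.
  if ($status >= 200 && $status < 300) {
    // The documented 201 response echoes clientSecret, so this outputs the secret.
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $status . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}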
require "uri"
require "json"
require "net/http"

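# Creates a Microsoft identity provider in a PingOne environment.
# {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
# placeholders; read the real token and client secret from the environment or a
# secret store instead of committing them.
url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")

http = Net::HTTP.new(url.host, url.port)
# Net::HTTP does not enable TLS on its own; without this an https URL is
# contacted in plain HTTP and the request (bearer token included) fails or
# leaves the host unencrypted.
http.use_ssl = (url.scheme == "https")

request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "description": "Microsoft Provider",
  "enabled": true,
  "name": "MicrosoftIdP",
  "type": "MICROSOFT",
  "clientId": "MICROSOFT_ID",
  "clientSecret": "MICROSOFT_SECRET"
})

response = http.request(request)
# The documented 201 response echoes clientSecret, so this prints the secret;
# keep the output away from shared logs.
puts response.read_body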
// Creates a Microsoft identity provider in a PingOne environment (URLSession).
// {{apiPath}}, {{envID}}, {{accessToken}}, MICROSOFT_ID and MICROSOFT_SECRET are
// placeholders; load the real token and client secret from secure storage
// instead of embedding them in source.
let idpJSON = "{\n"
  + "    \"description\": \"Microsoft Provider\",\n"
  + "    \"enabled\": true,\n"
  + "    \"name\": \"MicrosoftIdP\",\n"
  + "    \"type\": \"MICROSOFT\",\n"
  + "    \"clientId\": \"MICROSOFT_ID\",\n"
  + "    \"clientSecret\": \"MICROSOFT_SECRET\"\n"
  + "}"
let requestBody = idpJSON.data(using: .utf8)

// NOTE(review): an infinite timeoutInterval leaves the request without an
// effective timeout - confirm this is intended outside of a sample.
var createRequest = URLRequest(
  url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,
  timeoutInterval: Double.infinity
)
createRequest.addValue("application/json", forHTTPHeaderField: "Content-Type")
createRequest.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

createRequest.httpMethod = "POST"
createRequest.httpBody = requestBody

let createTask = URLSession.shared.dataTask(with: createRequest) { data, response, error in
  if let received = data {
    // The documented 201 response echoes clientSecret, so this prints the secret.
    print(String(data: received, encoding: .utf8)!)
  } else {
    print(String(describing: error))
  }
}

createTask.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/c8dfd121-b021-4eb9-b876-646928ae6193"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/c8dfd121-b021-4eb9-b876-646928ae6193/attributes"
        }
    },
    "id": "c8dfd121-b021-4eb9-b876-646928ae6193",
    "type": "MICROSOFT",
    "name": "MicrosoftIdP",
    "description": "Microsoft Provider",
    "enabled": true,
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "createdAt": "2020-07-20T16:43:51.001Z",
    "updatedAt": "2020-07-20T16:43:51.001Z",
    "clientSecret": "MICROSOFT_SECRET",
    "clientId": "MICROSOFT_ID"
}