Skip to main content

Add Azure AD Identity Provider

POST 
https://$CUSTOM-DOMAIN/management/v1/idps/azure

Add Azure AD Identity Provider

Request​

Header Parameters

    x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

Body

required

    name string
    clientId string

    client id generated by the Azure AD

    clientSecret string

    client secret generated by the Azure AD

    tenant

    object

    Defines what kind of accounts are allowed to authenticate (Personal, Organizational, All). If not provided the common tenant will be used (All accounts)

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

    tenantId string
    emailVerified boolean

    Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)

    scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

    providerOptions

    object

    isLinkingAllowed boolean

    Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

    isCreationAllowed boolean

    Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when login with an external account.

    isAutoUpdate boolean

    Enable if a the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

Responses​

A successful response.

Schema

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to (string)
    id string
curl -L 'https://$CUSTOM-DOMAIN/management/v1/idps/azure' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "name": "Azure AD",
  "clientId": "client-id",
  "clientSecret": "secret",
  "tenant": {
    "tenantType": "AZURE_AD_TENANT_TYPE_COMMON",
    "tenantId": "string"
  },
  "emailVerified": true,
  "scopes": [
    "openid",
    "profile",
    "email",
    "User.Read"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true,
    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"
  }
}'
Request Collapse all
Base URL
https://$CUSTOM-DOMAIN/management/v1
Auth
Parameters
— header
Body required
{
  "name": "Azure AD",
  "clientId": "client-id",
  "clientSecret": "secret",
  "tenant": {
    "tenantType": "AZURE_AD_TENANT_TYPE_COMMON",
    "tenantId": "string"
  },
  "emailVerified": true,
  "scopes": [
    "openid",
    "profile",
    "email",
    "User.Read"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true,
    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"
  }
}
ResponseClear

Click the Send API Request button above and see the response here!