Package com.okta.sdk.resource.api

Class IdentityProviderApi

java.lang.Object
com.okta.sdk.resource.api.IdentityProviderApi
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2026-01-29T15:26:34.455451+05:30[Asia/Kolkata]", comments="Generator version: 7.15.0") public class IdentityProviderApi extends Object

  • Constructor Details

    • IdentityProviderApi

      public IdentityProviderApi()

    • IdentityProviderApi

      public IdentityProviderApi(ApiClient apiClient)

  • Method Details

    • getApiClient

      public ApiClient getApiClient()

    • setApiClient

      public void setApiClient(ApiClient apiClient)

    • activateIdentityProvider

      public IdentityProvider activateIdentityProvider(String idpId) throws ApiException
      Activate an IdP Activates an inactive identity provider (IdP)
      Parameters:
      idpId - `id` of IdP (required)
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • activateIdentityProvider

      public IdentityProvider activateIdentityProvider(String idpId, Map<String,String> additionalHeaders) throws ApiException
      Activate an IdP Activates an inactive identity provider (IdP)
      Parameters:
      idpId - `id` of IdP (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • createIdentityProvider

      public IdentityProvider createIdentityProvider(IdentityProvider identityProvider) throws ApiException
      Create an IdP Creates a new identity provider (IdP) integration. #### SAML 2.0 IdP You must first add the IdP's signature certificate to the IdP key store before you can add a SAML 2.0 IdP with a `kid` credential reference. Don't use `fromURI` to automatically redirect a user to a particular app after successfully authenticating with a third-party IdP. Instead, use SAML deep links. Using `fromURI` isn't tested or supported. For more information about using deep links when signing users in using an SP-initiated flow, see [Understanding SP-Initiated Login flow](https://developer.okta.com/docs/concepts/saml/#understanding-sp-initiated-login-flow). Use SAML deep links to automatically redirect the user to an app after successfully authenticating with a third-party IdP. To use deep links, assemble these three parts into a URL: * SP ACS URL<br> For example: `https://${yourOktaDomain}/sso/saml2/:idpId` * The app to which the user is automatically redirected after successfully authenticating with the IdP <br> For example: `/app/:app-location/:appId/sso/saml` * Optionally, if the app is an outbound SAML app, you can specify the `relayState` passed to it.<br> For example: `?RelayState=:anyUrlEncodedValue` The deep link for the above three parts is:<br> `https://${yourOktaDomain}/sso/saml2/:idpId/app/:app-location/:appId/sso/saml?RelayState=:anyUrlEncodedValue` #### Smart Card X509 IdP You must first add the IdP's server certificate to the IdP key store before you can add a Smart Card `X509` IdP with a `kid` credential reference. You need to upload the whole trust chain as a single key using the [Key Store API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProviderKeys/#tag/IdentityProviderKeys/operation/createIdentityProviderKey). Depending on the information stored in the smart card, select the proper [template](https://developer.okta.com/docs/reference/okta-expression-language/#idp-user-profile) `idpuser.subjectAltNameEmail` or `idpuser.subjectAltNameUpn`. #### Identity verification vendors as identity providers Identity verification (IDV) vendors work like IdPs, with a few key differences. IDV vendors verify your user's identities by requiring them to submit a proof of identity. There are many ways to verify user identities. For example, a proof of identity can be a selfie to determine liveliness or it can be requiring users to submit a photo of their driver's license and matching that information with a database. There are three IDV vendors (Persona, CLEAR Verified, and Incode) with specific configuration settings and another IDV vendor type (Custom IDV) that lets you create a custom IDV vendor, using a [standardized IDV process](https://developer.okta.com/docs/guides/idv-integration/main/). You can configure each of the IDV vendors as IdPs in your org by creating an account with the vendor, and then creating an IdP integration. Control how the IDVs verify your users by using [Okta account management policy rules](https://developer.okta.com/docs/guides/okta-account-management-policy/main/). * [Persona](https://withpersona.com/) * [CLEAR Verified](https://www.clearme.com/) * [Incode](https://incode.com/) * [Custom IDV](https://help.okta.com/okta_help.htm?type=oie&id=idp-add-custom-idv-vendor)
      Parameters:
      identityProvider - IdP settings (required)
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • createIdentityProvider

      public IdentityProvider createIdentityProvider(IdentityProvider identityProvider, Map<String,String> additionalHeaders) throws ApiException
      Create an IdP Creates a new identity provider (IdP) integration. #### SAML 2.0 IdP You must first add the IdP's signature certificate to the IdP key store before you can add a SAML 2.0 IdP with a `kid` credential reference. Don't use `fromURI` to automatically redirect a user to a particular app after successfully authenticating with a third-party IdP. Instead, use SAML deep links. Using `fromURI` isn't tested or supported. For more information about using deep links when signing users in using an SP-initiated flow, see [Understanding SP-Initiated Login flow](https://developer.okta.com/docs/concepts/saml/#understanding-sp-initiated-login-flow). Use SAML deep links to automatically redirect the user to an app after successfully authenticating with a third-party IdP. To use deep links, assemble these three parts into a URL: * SP ACS URL<br> For example: `https://${yourOktaDomain}/sso/saml2/:idpId` * The app to which the user is automatically redirected after successfully authenticating with the IdP <br> For example: `/app/:app-location/:appId/sso/saml` * Optionally, if the app is an outbound SAML app, you can specify the `relayState` passed to it.<br> For example: `?RelayState=:anyUrlEncodedValue` The deep link for the above three parts is:<br> `https://${yourOktaDomain}/sso/saml2/:idpId/app/:app-location/:appId/sso/saml?RelayState=:anyUrlEncodedValue` #### Smart Card X509 IdP You must first add the IdP's server certificate to the IdP key store before you can add a Smart Card `X509` IdP with a `kid` credential reference. You need to upload the whole trust chain as a single key using the [Key Store API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProviderKeys/#tag/IdentityProviderKeys/operation/createIdentityProviderKey). Depending on the information stored in the smart card, select the proper [template](https://developer.okta.com/docs/reference/okta-expression-language/#idp-user-profile) `idpuser.subjectAltNameEmail` or `idpuser.subjectAltNameUpn`. #### Identity verification vendors as identity providers Identity verification (IDV) vendors work like IdPs, with a few key differences. IDV vendors verify your user's identities by requiring them to submit a proof of identity. There are many ways to verify user identities. For example, a proof of identity can be a selfie to determine liveliness or it can be requiring users to submit a photo of their driver's license and matching that information with a database. There are three IDV vendors (Persona, CLEAR Verified, and Incode) with specific configuration settings and another IDV vendor type (Custom IDV) that lets you create a custom IDV vendor, using a [standardized IDV process](https://developer.okta.com/docs/guides/idv-integration/main/). You can configure each of the IDV vendors as IdPs in your org by creating an account with the vendor, and then creating an IdP integration. Control how the IDVs verify your users by using [Okta account management policy rules](https://developer.okta.com/docs/guides/okta-account-management-policy/main/). * [Persona](https://withpersona.com/) * [CLEAR Verified](https://www.clearme.com/) * [Incode](https://incode.com/) * [Custom IDV](https://help.okta.com/okta_help.htm?type=oie&id=idp-add-custom-idv-vendor)
      Parameters:
      identityProvider - IdP settings (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • deactivateIdentityProvider

      public IdentityProvider deactivateIdentityProvider(String idpId) throws ApiException
      Deactivate an IdP Deactivates an active identity provider (IdP)
      Parameters:
      idpId - `id` of IdP (required)
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • deactivateIdentityProvider

      public IdentityProvider deactivateIdentityProvider(String idpId, Map<String,String> additionalHeaders) throws ApiException
      Deactivate an IdP Deactivates an active identity provider (IdP)
      Parameters:
      idpId - `id` of IdP (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • deleteIdentityProvider

      public void deleteIdentityProvider(String idpId) throws ApiException
      Delete an IdP Deletes an identity provider (IdP) integration by `idpId` * All existing IdP users are unlinked with the highest order profile source taking precedence for each IdP user. * Unlinked users keep their existing authentication provider such as `FEDERATION` or `SOCIAL`.
      Parameters:
      idpId - `id` of IdP (required)
      Throws:
      ApiException - if fails to make API call

    • deleteIdentityProvider

      public void deleteIdentityProvider(String idpId, Map<String,String> additionalHeaders) throws ApiException
      Delete an IdP Deletes an identity provider (IdP) integration by `idpId` * All existing IdP users are unlinked with the highest order profile source taking precedence for each IdP user. * Unlinked users keep their existing authentication provider such as `FEDERATION` or `SOCIAL`.
      Parameters:
      idpId - `id` of IdP (required)
      additionalHeaders - additionalHeaders for this call
      Throws:
      ApiException - if fails to make API call

    • getIdentityProvider

      public IdentityProvider getIdentityProvider(String idpId) throws ApiException
      Retrieve an IdP Retrieves an identity provider (IdP) integration by `idpId`
      Parameters:
      idpId - `id` of IdP (required)
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • getIdentityProvider

      public IdentityProvider getIdentityProvider(String idpId, Map<String,String> additionalHeaders) throws ApiException
      Retrieve an IdP Retrieves an identity provider (IdP) integration by `idpId`
      Parameters:
      idpId - `id` of IdP (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • listIdentityProviders

      public List<IdentityProvider> listIdentityProviders(String q, String after, Integer limit, IdentityProviderType type) throws ApiException
      List all IdPs Lists all identity provider (IdP) integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
      Parameters:
      q - Searches the `name` property of IdPs for matching value (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination) and [Link header](https://developer.okta.com/docs/api/#link-header). (optional)
      limit - A limit on the number of objects to return (optional, default to 20)
      type - Filters IdPs by `type` (optional)
      Returns:
      List<IdentityProvider>
      Throws:
      ApiException - if fails to make API call

    • listIdentityProviders

      public List<IdentityProvider> listIdentityProviders(String q, String after, Integer limit, IdentityProviderType type, Map<String,String> additionalHeaders) throws ApiException
      List all IdPs Lists all identity provider (IdP) integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
      Parameters:
      q - Searches the `name` property of IdPs for matching value (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination) and [Link header](https://developer.okta.com/docs/api/#link-header). (optional)
      limit - A limit on the number of objects to return (optional, default to 20)
      type - Filters IdPs by `type` (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      List<IdentityProvider>
      Throws:
      ApiException - if fails to make API call

    • listIdentityProvidersPaged

      public Iterable<IdentityProvider> listIdentityProvidersPaged(String q, String after, Integer limit, IdentityProviderType type)
      List all IdPs (Paginated) Lists all identity provider (IdP) integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query. This method returns a lazy, paginated iterable that automatically handles pagination. It is thread-safe and does not cause memory leaks. Use this method in a for-each loop to automatically fetch all pages without manual cursor management.
      Parameters:
      q - Searches the `name` property of IdPs for matching value (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination) and [Link header](https://developer.okta.com/docs/api/#link-header). (optional)
      limit - A limit on the number of objects to return (optional, default to 20)
      type - Filters IdPs by `type` (optional)
      Returns:
      Iterable<IdentityProvider> lazy iterable over all pages

    • listIdentityProvidersPaged

      public Iterable<IdentityProvider> listIdentityProvidersPaged(String q, String after, Integer limit, IdentityProviderType type, Map<String,String> additionalHeaders)
      List all IdPs (Paginated with additional headers) Lists all identity provider (IdP) integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query. This method returns a lazy, paginated iterable that automatically handles pagination. It is thread-safe and does not cause memory leaks.
      Parameters:
      q - Searches the `name` property of IdPs for matching value (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination) and [Link header](https://developer.okta.com/docs/api/#link-header). (optional)
      limit - A limit on the number of objects to return (optional, default to 20)
      type - Filters IdPs by `type` (optional)
      additionalHeaders - additional headers for this call
      Returns:
      Iterable<IdentityProvider> lazy iterable over all pages

    • replaceIdentityProvider

      public IdentityProvider replaceIdentityProvider(String idpId, IdentityProvider identityProvider) throws ApiException
      Replace an IdP Replaces an identity provider (IdP) integration by `idpId`
      Parameters:
      idpId - `id` of IdP (required)
      identityProvider - Updated configuration for the IdP (required)
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • replaceIdentityProvider

      public IdentityProvider replaceIdentityProvider(String idpId, IdentityProvider identityProvider, Map<String,String> additionalHeaders) throws ApiException
      Replace an IdP Replaces an identity provider (IdP) integration by `idpId`
      Parameters:
      idpId - `id` of IdP (required)
      identityProvider - Updated configuration for the IdP (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      IdentityProvider
      Throws:
      ApiException - if fails to make API call

    • getObjectMapper

      protected static com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()