import * as Core from 'cloudflare/core';
import { APIResource } from 'cloudflare/resource';
import * as IdentityProvidersAPI from 'cloudflare/resources/zero-trust/identity-providers';
import { SinglePage } from 'cloudflare/pagination';
/**
* Client for the Access identity provider endpoints: create, update, list,
* delete and get.
*
* The provider objects returned here are typed to carry `config.client_secret`
* and `scim_config.secret`, so avoid logging or persisting whole responses
* unredacted.
*/
export declare class IdentityProviders extends APIResource {
/**
* Adds a new identity provider to Access.
*
* @param params - Request parameters for the new provider.
* @param options - Optional per-request options.
* @returns The created provider. Per the `ScimConfig.secret` documentation, the
* SCIM token is only returned unredacted when SCIM is first enabled, so capture
* it from that response if it is needed.
*/
create(params: IdentityProviderCreateParams, options?: Core.RequestOptions): Core.APIPromise<ZeroTrustIdentityProviders>;
/**
* Updates a configured identity provider.
*
* @param uuid - Identifier of the provider to update.
* @param params - Request parameters carrying the new settings.
* @param options - Optional per-request options.
* @returns The updated provider.
*/
update(uuid: string, params: IdentityProviderUpdateParams, options?: Core.RequestOptions): Core.APIPromise<ZeroTrustIdentityProviders>;
/**
* Lists all configured identity providers.
*
* Both overloads return a single-page promise; `params` may be omitted.
*
* @param params - Optional request parameters.
* @param options - Optional per-request options.
*/
list(params?: IdentityProviderListParams, options?: Core.RequestOptions): Core.PagePromise<IdentityProviderListResponsesSinglePage, IdentityProviderListResponse>;
list(options?: Core.RequestOptions): Core.PagePromise<IdentityProviderListResponsesSinglePage, IdentityProviderListResponse>;
/**
* Deletes an identity provider from Access.
*
* @param uuid - Identifier of the provider to delete.
* @param params - Optional request parameters.
* @param options - Optional per-request options.
*
* NOTE(review): this removes a login method; whether existing sessions issued
* through the provider are affected is not visible in this file — confirm.
*/
delete(uuid: string, params?: IdentityProviderDeleteParams, options?: Core.RequestOptions): Core.APIPromise<IdentityProviderDeleteResponse>;
delete(uuid: string, options?: Core.RequestOptions): Core.APIPromise<IdentityProviderDeleteResponse>;
/**
* Fetches a configured identity provider.
*
* @param uuid - Identifier of the provider to fetch.
* @param params - Optional request parameters.
* @param options - Optional per-request options.
* @returns The provider, typed with its `config` and optional `scim_config`.
*/
get(uuid: string, params?: IdentityProviderGetParams, options?: Core.RequestOptions): Core.APIPromise<ZeroTrustIdentityProviders>;
get(uuid: string, options?: Core.RequestOptions): Core.APIPromise<ZeroTrustIdentityProviders>;
}
/**
* Page type used by `IdentityProviders.list`. It declares no members of its own
* beyond what `SinglePage<IdentityProviderListResponse>` provides.
*/
export declare class IdentityProviderListResponsesSinglePage extends SinglePage<IdentityProviderListResponse> {
}
/**
* Union of the 14 identity provider shapes returned by create, update and get.
*
* NOTE(review): the member interfaces visible in this file (AccessAzureAd through
* AccessSaml) each declare `type` as the full list of provider types rather than
* a single literal, so comparing `type` does not narrow this union for the
* compiler. Validate the `config` fields you rely on at runtime.
*/
export type ZeroTrustIdentityProviders = ZeroTrustIdentityProviders.AccessAzureAd | ZeroTrustIdentityProviders.AccessCentrify | ZeroTrustIdentityProviders.AccessFacebook | ZeroTrustIdentityProviders.AccessGitHub | ZeroTrustIdentityProviders.AccessGoogle | ZeroTrustIdentityProviders.AccessGoogleApps | ZeroTrustIdentityProviders.AccessLinkedin | ZeroTrustIdentityProviders.AccessOidc | ZeroTrustIdentityProviders.AccessOkta | ZeroTrustIdentityProviders.AccessOnelogin | ZeroTrustIdentityProviders.AccessPingone | ZeroTrustIdentityProviders.AccessSaml | ZeroTrustIdentityProviders.AccessYandex | ZeroTrustIdentityProviders.AccessOnetimepin;
export declare namespace ZeroTrustIdentityProviders {
/**
* Shape of an Access identity provider whose `config` is `AccessAzureAd.Config`.
*/
interface AccessAzureAd {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessAzureAd.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessAzureAd.ScimConfig;
}
/**
* Nested types for `AccessAzureAd`: its `Config` and `ScimConfig`.
*/
namespace AccessAzureAd {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* Should Cloudflare try to load authentication contexts from your account
*/
conditional_access_enabled?: boolean;
/**
* Your Azure directory UUID
*/
directory_id?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
/**
* Indicates the type of user interaction that is required. prompt=login forces the
* user to enter their credentials on that request, negating single sign-on.
* prompt=none is the opposite. It ensures that the user isn't presented with any
* interactive prompt. If the request can't be completed silently by using
* single sign-on, the Microsoft identity platform returns an interaction_required
* error. prompt=select_account interrupts single sign-on, providing an account
* selection experience listing all the accounts either in session or any
* remembered account, or an option to choose to use a different account altogether.
*/
prompt?: 'login' | 'select_account' | 'none';
/**
* Should Cloudflare try to load groups from your account
*/
support_groups?: boolean;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessCentrify.Config`.
*/
interface AccessCentrify {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessCentrify.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessCentrify.ScimConfig;
}
/**
* Nested types for `AccessCentrify`: its `Config` and `ScimConfig`.
*/
namespace AccessCentrify {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your Centrify account URL
*/
centrify_account?: string;
/**
* Your Centrify app ID
*/
centrify_app_id?: string;
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessFacebook.Config`.
*/
interface AccessFacebook {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessFacebook.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessFacebook.ScimConfig;
}
/**
* Nested types for `AccessFacebook`: its `Config` and `ScimConfig`.
*/
namespace AccessFacebook {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessGitHub.Config`.
*/
interface AccessGitHub {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessGitHub.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessGitHub.ScimConfig;
}
/**
* Nested types for `AccessGitHub`: its `Config` and `ScimConfig`.
*/
namespace AccessGitHub {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessGoogle.Config`.
*/
interface AccessGoogle {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessGoogle.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessGoogle.ScimConfig;
}
/**
* Nested types for `AccessGoogle`: its `Config` and `ScimConfig`.
*/
namespace AccessGoogle {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessGoogleApps.Config`.
*/
interface AccessGoogleApps {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessGoogleApps.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessGoogleApps.ScimConfig;
}
/**
* Nested types for `AccessGoogleApps`: its `Config` and `ScimConfig`.
*/
namespace AccessGoogleApps {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your company's TLD
*/
apps_domain?: string;
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessLinkedin.Config`.
*/
interface AccessLinkedin {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessLinkedin.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessLinkedin.ScimConfig;
}
/**
* Nested types for `AccessLinkedin`: its `Config` and `ScimConfig`.
*/
namespace AccessLinkedin {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessOidc.Config`.
*/
interface AccessOidc {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessOidc.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessOidc.ScimConfig;
}
/**
* Nested types for `AccessOidc`: its `Config` and `ScimConfig`.
*/
namespace AccessOidc {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* The authorization_endpoint URL of your IdP
*/
auth_url?: string;
/**
* The jwks_uri endpoint of your IdP, which publishes the keys the IdP uses to
* sign the tokens.
* NOTE(review): presumably token signatures are checked against keys fetched
* from here, so point it only at the IdP's own HTTPS endpoint — confirm.
*/
certs_url?: string;
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
* NOTE(review): if access decisions key on email, map this to a claim the IdP
* verifies — confirm against your IdP.
*/
email_claim_name?: string;
/**
* OAuth scopes
*/
scopes?: Array<string>;
/**
* The token_endpoint URL of your IdP
*/
token_url?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessOkta.Config`.
*/
interface AccessOkta {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessOkta.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessOkta.ScimConfig;
}
/**
* Nested types for `AccessOkta`: its `Config` and `ScimConfig`.
*/
namespace AccessOkta {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your Okta authorization server ID
*/
authorization_server_id?: string;
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
/**
* Your Okta account URL
*/
okta_account?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessOnelogin.Config`.
*/
interface AccessOnelogin {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessOnelogin.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessOnelogin.ScimConfig;
}
/**
* Nested types for `AccessOnelogin`: its `Config` and `ScimConfig`.
*/
namespace AccessOnelogin {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
/**
* Your OneLogin account URL
*/
onelogin_account?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Shape of an Access identity provider whose `config` is `AccessPingone.Config`.
*/
interface AccessPingone {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Contains `client_secret`, so treat the whole object as sensitive when logging
* or serializing.
*/
config: AccessPingone.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
* Declared as the full list of provider types rather than one literal, so this
* field alone does not tell the compiler which `config` shape applies.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this type.
* NOTE(review): presumably the identifier passed as `uuid` to update/get/delete — confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider. Its `secret` field is a
* credential.
*/
scim_config?: AccessPingone.ScimConfig;
}
/**
* Nested types for `AccessPingone`: its `Config` and `ScimConfig`.
*/
namespace AccessPingone {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Custom claims
*/
claims?: Array<string>;
/**
* Your OAuth Client ID
*/
client_id?: string;
/**
* Your OAuth Client Secret. This is a credential: supply it from a secret store
* rather than source code, and keep it out of logs.
*/
client_secret?: string;
/**
* The claim name for email in the id_token response.
*/
email_claim_name?: string;
/**
* Your PingOne environment identifier
*/
ping_env_id?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled. The type does not encode that dependency (both flags are independent
* optional booleans), so check it before sending.
*/
seat_deprovision?: boolean;
/**
* A read-only token generated when the SCIM integration is enabled for the first
* time. It is redacted on subsequent requests. If you lose it you will need to
* refresh the token at /access/identity_providers/:idpID/refresh_scim_secret.
* Treat it as a credential: store it securely when it is first returned and keep
* it out of logs.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
* NOTE(review): confirm the default; if off, a deprovisioned user's existing
* sessions may outlive the change in the IdP.
*/
user_deprovision?: boolean;
}
}
/**
* Identity provider entry whose `config` and `scim_config` use the SAML shapes
* declared in the `AccessSaml` namespace.
*/
interface AccessSaml {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*
* For SAML this includes the certificates used to verify the signature in the
* authentication response (`idp_public_certs`) and the URL that requests are
* sent to (`sso_target_url`).
*/
config: AccessSaml.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*
* The declared type is the full list of provider literals, so the compiler does
* not reject a value that disagrees with the SAML `config` shape.
* NOTE(review): presumably 'saml' is the expected value here; confirm.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this declaration.
* NOTE(review): presumably the identifier that the resource's get/update/delete
* methods take as `uuid`; confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
scim_config?: AccessSaml.ScimConfig;
}
namespace AccessSaml {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*
* Every field is optional in this declaration, so the compiler accepts an empty
* object; which fields are required is described in the linked documentation,
* not enforced by this type.
*/
interface Config {
/**
* A list of SAML attribute names that will be added to your signed JWT token and
* can be used in SAML policy rules.
*/
attributes?: Array<string>;
/**
* The attribute name for email in the SAML response.
*/
email_attribute_name?: string;
/**
* Add a list of attribute names that will be returned in the response header from
* the Access callback.
*/
header_attributes?: Array<Config.HeaderAttribute>;
/**
* X509 certificates used to verify the signature in the SAML authentication
* response. Declared as an array, so more than one certificate can be supplied.
*
* NOTE(review): the field is optional in this type; how the API treats a SAML
* provider configured without a certificate is not visible here; confirm.
*/
idp_public_certs?: Array<string>;
/**
* IdP Entity ID or Issuer URL
*/
issuer_url?: string;
/**
* Sign the SAML authentication request with Access credentials. To verify the
* signature, use the public key from the Access certs endpoints.
*/
sign_request?: boolean;
/**
* URL to send the SAML authentication requests to.
*
* Typed as a plain string; nothing in this declaration constrains the scheme or
* host, so any validation has to happen before the value is submitted.
*/
sso_target_url?: string;
}
namespace Config {
/**
* Pairs an attribute from the IdP with the header that carries it on the request
* to the origin.
*/
interface HeaderAttribute {
/**
* Attribute name from the IdP.
*/
attribute_name?: string;
/**
* Header that will be added on the request to the origin.
*
* NOTE(review): presumably the origin should rely on this header only for
* requests it has verified came through Access; confirm.
*/
header_name?: string;
}
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*
* All fields are optional; the values that apply when a flag is omitted are not
* stated in this declaration.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled.
*
* The type does not express that dependency (both flags are independent optional
* booleans), so the compiler will not catch the combination.
*/
seat_deprovision?: boolean;
/**
* A token generated when the SCIM integration is enabled for the first time. It
* is redacted on subsequent requests, so record it when it is first returned and
* store it as a credential. If you lose it, you will need to refresh the token at
* /access/identity_providers/:idpID/refresh_scim_secret.
*
* Described as read-only, although the property carries no `readonly` modifier
* in this declaration.
*/
secret?: string;
/**
* A flag to enable revoking a user's session in Access and Gateway when they have
* been deprovisioned in the Identity Provider.
*
* NOTE(review): presumably, with this flag off, deprovisioning a user in the
* Identity Provider leaves existing sessions in place; confirm.
*/
user_deprovision?: boolean;
}
}
/**
* Identity provider entry whose `config` and `scim_config` use the shapes
* declared in the `AccessYandex` namespace.
*/
interface AccessYandex {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*
* This object carries the OAuth client secret (`client_secret`), so values of
* this type should be kept out of logs and error reports.
*/
config: AccessYandex.Config;
/**
* The name of the identity provider, shown to users on the login page.
*/
name: string;
/**
* The type of identity provider. To determine the value for a specific provider,
* refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*
* The declared type is the full list of provider literals, so the compiler does
* not reject a value that disagrees with the Yandex `config` shape.
* NOTE(review): presumably 'yandex' is the expected value here; confirm.
*/
type: 'onetimepin' | 'azureAD' | 'saml' | 'centrify' | 'facebook' | 'github' | 'google-apps' | 'google' | 'linkedin' | 'oidc' | 'okta' | 'onelogin' | 'pingone' | 'yandex';
/**
* UUID. Optional in this declaration.
* NOTE(review): presumably the identifier that the resource's get/update/delete
* methods take as `uuid`; confirm.
*/
id?: string;
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
scim_config?: AccessYandex.ScimConfig;
}
namespace AccessYandex {
/**
* The configuration parameters for the identity provider. To view the required
* parameters for a specific provider, refer to our
* [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
*/
interface Config {
/**
* Your OAuth Client ID.
*
* Optional in this declaration, as is `client_secret`, so the compiler accepts
* an empty object; required fields are not enforced by this type.
*/
client_id?: string;
/**
* Your OAuth Client Secret.
*
* This is a credential: supply it from a secret store or the environment at
* call time rather than embedding it in source.
* NOTE(review): this declaration does not show whether responses return the
* value or redact it; confirm before logging or persisting response objects.
*/
client_secret?: string;
}
/**
* The configuration settings for enabling a System for Cross-Domain Identity
* Management (SCIM) with the identity provider.
*/
interface ScimConfig {
/**
* A flag to enable or disable SCIM for the identity provider.
*/
enabled?: boolean;
/**
* A flag to revoke a user's session in Access and force a reauthentication on the
* user's Gateway session when they have been added or removed from a group in the
* Identity Provider.
*/
group_member_deprovision?: boolean;
/**
* A flag to remove a user's seat in Zero Trust when they have been deprovisioned
* in the Identity Provider. This cannot be enabled unless user_deprovision is also
* enabled.