The Auth Provider Controller enables management of authentication providers for AdmiralCloud’s OAuth2 authentication server. These endpoints allow you to configure, manage, and integrate various identity providers (IdPs) such as ADFS, Azure AD, or generic SAML providers. This functionality enables Single Sign-On (SSO) capabilities for your applications and streamlines user authentication through your existing identity systems.
Reference
Find AuthProvider
Retrieves information about one or multiple configured authentication providers. Allows searching and filtering of existing auth providers.
GET/v4/authprovider
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| – | ✗ | This endpoint does not require or accept any request parameters |
Response
| Field | Type | Description |
|---|---|---|
| deleted | boolean | Indicates if the auth provider has been permanently deleted |
| entityId | string | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| flag | integer | Status flag (0 = active, 1 = in trash) – automatically set by destroy action allowed values: 01 |
| id | integer | Internal ID of the auth provider |
| issuer | string | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| lastEditorId | integer | ID of the user who last modified this auth provider |
| lastUsed | integer | Unix timestamp when this auth provider was last used for authentication |
| metadata | string | SAML metadata XML from the Identity Provider |
| name | string | Display name for this authentication provider |
| settings | object | Configuration settings for this authentication provider |
| └ attributeMapping | object | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | Legacy configuration object |
| └ legacy | boolean | DO NOT USE |
| ssoIdentifier | string | Generated SSO identifier used in application URLs and configuration |
| type | string | Authentication provider type allowed values: adfsazureoktasaml |
Create AuthProvider
This endpoint allows you to configure a new SSO identity provider. Required parameters include the issuer of the identity provider. Additionally, you can add metadata, a name, and specific settings such as attribute mappings to properly integrate user data into AdmiralCloud.
POST/v4/authprovider
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| entityId | string | ✗ | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| issuer | string | ✓ | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| metadata | base64 | ✗ | Base64-encoded SAML metadata XML from the Identity Provider |
| name | string | ✓ | Display name for this authentication provider |
| settings | object | ✗ | |
| └ attributeMapping | object | ✗ | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | ✗ | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | ✗ | Legacy configuration object |
| └ legacy | boolean | ✗ | DO NOT USE |
| type | string | ✓ | Authentication provider type allowed values: adfsazureoktasaml |
Response
| Field | Type | Description |
|---|---|---|
| deleted | boolean | Indicates if the auth provider has been permanently deleted |
| entityId | string | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| flag | integer | Status flag (0 = active, 1 = in trash) – automatically set by destroy action allowed values: 01 |
| id | integer | Internal ID of the auth provider |
| issuer | string | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| lastEditorId | integer | ID of the user who last modified this auth provider |
| lastUsed | integer | Unix timestamp when this auth provider was last used for authentication |
| metadata | string | SAML metadata XML from the Identity Provider |
| name | string | Display name for this authentication provider |
| settings | object | Configuration settings for this authentication provider |
| └ attributeMapping | object | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | Legacy configuration object |
| └ legacy | boolean | DO NOT USE |
| ssoIdentifier | string | Generated SSO identifier used in application URLs and configuration |
| type | string | Authentication provider type allowed values: adfsazureoktasaml |
Update AuthProvider
With this endpoint, you can modify the properties of an existing auth provider. This is useful when your identity provider’s configuration changes or when you need to adjust attribute mappings.
PUT/v4/authprovider
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| entityId | string | ✗ | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| id | integer | ✓ | Internal ID of the auth provider |
| issuer | string | ✗ | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| metadata | base64 | ✗ | Base64-encoded SAML metadata XML from the Identity Provider |
| name | string | ✓ | Display name for this authentication provider |
| settings | object | ✗ | |
| └ attributeMapping | object | ✗ | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | ✗ | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | ✗ | Legacy configuration object |
| └ legacy | boolean | ✗ | DO NOT USE |
| type | string | ✓ | Authentication provider type allowed values: adfsazureoktasaml |
Response
| Field | Type | Description |
|---|---|---|
| deleted | boolean | Indicates if the auth provider has been permanently deleted |
| entityId | string | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| flag | integer | Status flag (0 = active, 1 = in trash) – automatically set by destroy action allowed values: 01 |
| id | integer | Internal ID of the auth provider |
| issuer | string | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| lastEditorId | integer | ID of the user who last modified this auth provider |
| lastUsed | integer | Unix timestamp when this auth provider was last used for authentication |
| metadata | string | SAML metadata XML from the Identity Provider |
| name | string | Display name for this authentication provider |
| settings | object | Configuration settings for this authentication provider |
| └ attributeMapping | object | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | Legacy configuration object |
| └ legacy | boolean | DO NOT USE |
| ssoIdentifier | string | Generated SSO identifier used in application URLs and configuration |
| type | string | Authentication provider type allowed values: adfsazureoktasaml |
Destroy AuthProvider
Use this endpoint to remove an auth provider. By default, the provider is moved to the trash (flag=1), but can be permanently deleted with the forceDestroy=true parameter.
DELETE/v4/authprovider
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| forceDestroy | boolean | ✗ | If true, permanently deletes the auth provider instead of moving to trash |
| id | integer | ✓ | Internal ID of the auth provider |
Response
| Field | Type | Description |
|---|---|---|
| deleted | boolean | Indicates if the auth provider has been permanently deleted |
| entityId | string | Unique identifier for this SAML Service Provider. Must be configured identically in the customer's Identity Provider. Auto-generated from customer ID if not provided. |
| flag | integer | Status flag (0 = active, 1 = in trash) – automatically set by destroy action allowed values: 01 |
| id | integer | Internal ID of the auth provider |
| issuer | string | Identity Provider's entity ID as found in their SAML metadata (e.g., "urn:dev-company.auth0.com") |
| lastEditorId | integer | ID of the user who last modified this auth provider |
| lastUsed | integer | Unix timestamp when this auth provider was last used for authentication |
| metadata | string | SAML metadata XML from the Identity Provider |
| name | string | Display name for this authentication provider |
| settings | object | Configuration settings for this authentication provider |
| └ attributeMapping | object | Maps SAML attributes to internal user fields (e.g., email, firstName) |
| └ entityId | string | Outdated entityId Use root-level entityId field instead |
| └ configuration | object | Legacy configuration object |
| └ legacy | boolean | DO NOT USE |
| ssoIdentifier | string | Generated SSO identifier used in application URLs and configuration |
| type | string | Authentication provider type allowed values: adfsazureoktasaml |