IdentityProviders
The identity providers in the environment.
View-Specific Information
SELECT
Reading data from this entity requires Read Identity Provider/identityProviders:read:identityProvider permission.We recommend using the built-in Client Application Developer role.
The connector uses the PingOne Platform API to process WHERE clause conditions built with the following columns and operators.
- Id supports the following operators: =, IN.
All other filters are processed client-side within the connector.
For example, the following queries are processed server-side:
SELECT * FROM Administrators.IdentityProviders WHERE Id = 'e3fc0e64-5686-4003-b81b-a79508f77e5a';
SELECT * FROM Administrators.IdentityProviders WHERE Id IN ('e3fc0e64-5686-4003-b81b-a79508f77e5a', 'ada05412-75a9-4faa-b9d6-345537b50f1e');
Columns
| Name | Type | References | Description |
| Id [KEY] | String | The identity provider identifier (UUID). | |
| Name | String | The name of the identity provider. | |
| Description | String | The identity provider's description. | |
| Type | String | The type of the identity provider. | |
| Enabled | Boolean | Boolean value indicating whether the identity provider is enabled. | |
| CreatedAt | Datetime | The time at which the identity provider was created. | |
| UpdatedAt | Datetime | The time at which the identity provider was last updated. | |
| IconURL | String | The URL referencing the image to use for the identity provider icon. | |
| PopulationId | String | Populations.Id | The identifier (UUID) of the population in which new users are created when just-in-time (JIT) provisioning is used through the identity provider. |
| EnvironmentId | String | Information.Environments.Id | The identifier (UUID) of the environment in which the identity provider exists. |
| ClientId | String | The application ID that is generated by the OpenID identity provider. | |
| ClientSecret | String | The application secret that is generated by the OpenID identity provider. | |
| DiscoveryEndpoint | String | The endpoint that PingOne uses to retrieve and pre-populate OpenID identity provider configuration information. | |
| UserInfoEndpoint | String | The URL that specifies the token endpoint for the OpenID identity provider. | |
| AuthorizationEndpoint | String | The URL that specifies the authorization endpoint for the OpenID identity provider. | |
| TokenEndpoint | String | The URL that specifies the token endpoint for the OpenID identity provider. | |
| TokenEndpointMethod | String | The method to use for the token endpoint. Possible values are: 'NONE', 'CLIENT_SECRET_BASIC', 'CLIENT_SECRET_POST'. | |
| Issuer | String | The issuer to which the authentication is sent for the OpenID identity provider. | |
| Scopes | String | The scopes to include in the authentication request to the OpenID identity provider. | |
| JWKSUrl | String | The URL that specifies the JSON web key set (JWKS) endpoint for the OpenID identity provider. | |
| PKCEMethod | String | A string indicating how PKCE request parameters are handled when the authorization endpoint (AuthorizationEndpoint column) is used. Possible values are: 'NONE' and 'S256'. | |
| EntityId | String | The SAML identity provider's entity ID. | |
| VerificationCertificates | String | The identifiers (UUID) of the verification certificates, which are used to verify the signature on the signed assertion from the identity provider. This information is represented in JSON format (aggregate). | |
| ServiceProviderEntityId | String | The entity ID for the service provider, which is used as the 'Issuer' when PingOne sends a request to the identity provider. | |
| ServiceProviderSigningKeyId | String | The identifier (UUID) of the certificate that confirms that requests, responses, and assertions actually came from the service provider. | |
| ServiceProviderSigningAlgorithm | String | The algorithm used by the service provider signing key. Possible values are: 'SHA256withRSA', 'SHA384withRSA', 'SHA512withRSA', 'SHA256withECDSA', 'SHA384withECDSA', and 'SHA512withECDSA'. | |
| EnableAuthenticationRequestSigning | Boolean | Boolean value indicating whether Authentication Request signing should be enforced. | |
| SSOBinding | String | The binding to use for the authentication request. Possible values are: 'HTTP_POST' and 'HTTP_REDIRECT'. | |
| SSOEndpoint | String | The SSO endpoint for the authentication request. | |
| SLOBinding | String | The binding to use for the logout request. Possible values are: 'HTTP_POST' and 'HTTP_REDIRECT'. | |
| SLOEndpoint | String | The URL of the single logout service. | |
| SLOResponseEndpoint | String | The URL of the single logout response service. | |
| SLOWindow | Integer | An integer indicating how long (in hours) PingOne can exchange logout messages with the identity provider, specifically a 'LogoutRequest' from the identity provider, since the initial request. |