CreateIdentityProvider - Amazon WorkSpaces Secure Browser
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

CreateIdentityProvider

Creates an identity provider resource that is then associated with a web portal.

Request Syntax

POST /identityProviders HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "identityProviderDetails": { 
      "string" : "string" 
   },
   "identityProviderName": "string",
   "identityProviderType": "string",
   "portalArn": "string",
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ]
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

If you do not specify a client token, one is automatically generated by the AWS SDK.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Required: No

identityProviderDetails

The identity provider details. The following list describes the provider detail keys for each identity provider type.

  • For Google and Login with Amazon:

    • client_id

    • client_secret

    • authorize_scopes

  • For Facebook:

    • client_id

    • client_secret

    • authorize_scopes

    • api_version

  • For Sign in with Apple:

    • client_id

    • team_id

    • key_id

    • private_key

    • authorize_scopes

  • For OIDC providers:

    • client_id

    • client_secret

    • attributes_request_method

    • oidc_issuer

    • authorize_scopes

    • authorize_url if not available from discovery URL specified by oidc_issuer key

    • token_url if not available from discovery URL specified by oidc_issuer key

    • attributes_url if not available from discovery URL specified by oidc_issuer key

    • jwks_uri if not available from discovery URL specified by oidc_issuer key

  • For SAML providers:

    • MetadataFile OR MetadataURL

    • IDPSignout (boolean) optional

    • IDPInit (boolean) optional

    • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

    • EncryptedResponses (boolean) optional

Type: String to string map

Key Length Constraints: Minimum length of 0. Maximum length of 131072.

Key Pattern: [\s\S]*

Value Length Constraints: Minimum length of 0. Maximum length of 131072.

Value Pattern: [\s\S]*

Required: Yes

identityProviderName

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+

Required: Yes

identityProviderType

The identity provider type.

Type: String

Valid Values: SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC

Required: Yes

portalArn

The ARN of the web portal.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+

Required: Yes

tags

The tags to add to the identity provider resource. A tag is a key-value pair.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "identityProviderArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

identityProviderArn

The ARN of the identity provider.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access is denied.

HTTP Status Code: 403

ConflictException

There is a conflict.

HTTP Status Code: 409

InternalServerException

There is an internal server error.

HTTP Status Code: 500

ResourceNotFoundException

The resource cannot be found.

HTTP Status Code: 404

ServiceQuotaExceededException

The service quota has been exceeded.

HTTP Status Code: 402

ThrottlingException

There is a throttling error.

HTTP Status Code: 429

ValidationException

There is a validation error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: