OIDCIdentityProvider is a datatype for an OIDC identity provider.

Table: OIDCIdentityProvider

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Jun 26, 2025
authenticationMethodAuthenticationMethodAuthyes Long-TermThe authentication method used. See AuthenticationMethodAuth.
authorizationEndpointstring  Long-TermA URL to the endpoint a user should be redirected to when authorizing.
clientIdstringyes Long-TermThe unique identifier for the client.
clientSecretstringyes Long-TermThe password for the client.
debugbooleanyes Long-TermWhether debugging is enabled.
defaultIdpbooleanyes Long-TermWhether the identity provider is the default.
domains[string]yes Long-TermThe domains authorized by the OIDC identity providers.
federatedIdpstring  Long-TermThe Federated IdP.
groupsClaimstring  Long-TermThe name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
humioManagedbooleanyes Long-TermWhether authentication is managed by LogScale.
idstringyes Long-TermThe unique identifier for the OIDC identity provider.
issuerstringyes Long-TermThe issuer of the OIDC authentication.
jwksEndpointstring  Long-TermA URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
lazyCreateUsersbooleanyes Long-TermWhether to wait to create users until necessary.
namestringyes Long-TermThe name of the OIDC identity provider.
registrationEndpointstring  Long-TermTo use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client.
scopeClaimstring  Long-TermThe scope claim.
scopes[string]yes Long-TermComma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile).
tokenEndpointstring  Long-TermA URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
tokenEndpointAuthMethodstringyes Long-TermA URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
userClaimstringyes Long-TermThe name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
userInfoEndpointstring  Long-TermA URL to the user info endpoint used to retrieve user information from an access token.