API Stability: Long-Term
The newAzureAdOidcIdentityProvider() GraphQL mutation field is used to set up a new Azure AD OIDC IDP. It's a root operation.
For more information on the Azure AD configuration this field relates to, see the Service Fabric & LogScale reference page.
Syntax
Below is the syntax for the newAzureAdOidcIdentityProvider() mutation field:
```graphql
newAzureAdOidcIdentityProvider(
  name: string!,
  tenantId: string!,
  clientID: string!,
  clientSecret: string!,
  domains: [string!]!,
  enableDebug: boolean,
  scopeClaim: string
): OidcIdentityProvider!
```
Below is an example of how this mutation field might be used:
```graphql
mutation {
  newAzureAdOidcIdentityProvider(
    name: "myAzure-IDP",
    tenantId: "123abc",
    clientID: "456efg",
    clientSecret: "MD39xf83M301",
    domains: ["humio"],
    enableDebug: false
  )
  { id }
}
```
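The example above inlines the client secret in the mutation text. The following script is an added example, not LogScale's own code, showing how a practitioner would send the same mutation from automation: the arguments are passed as GraphQL variables (so the secret never gets spliced into the query string and a quote or brace in it cannot alter the mutation), the secret is read from the environment, and a redacted copy is produced for logging. It assumes LogScale serves GraphQL at `<base URL>/graphql` and accepts a personal API token as a bearer token, and it uses the GraphQL scalar names `String`/`Boolean` for the variable declarations; the environment variable names are also this example's own choice.

```python
"""Added example (not LogScale's own code): register an Azure AD OIDC IdP
through the newAzureAdOidcIdentityProvider mutation using GraphQL variables."""
import copy
import json
import os
import urllib.request

# The mutation text is static; every argument arrives through $variables.
MUTATION = """
mutation NewAzureIdp($name: String!, $tenantId: String!, $clientID: String!,
                     $clientSecret: String!, $domains: [String!]!,
                     $enableDebug: Boolean) {
  newAzureAdOidcIdentityProvider(
    name: $name, tenantId: $tenantId, clientID: $clientID,
    clientSecret: $clientSecret, domains: $domains, enableDebug: $enableDebug
  ) { id name issuer domains debug }
}
"""


def build_payload(name, tenant_id, client_id, client_secret, domains,
                  enable_debug=False):
    """Build the JSON body for the GraphQL POST.

    Values travel as variables rather than being interpolated into MUTATION,
    so a secret containing quotes or braces cannot break or change the query.
    """
    if not client_secret:
        raise ValueError("clientSecret must not be empty")
    if not domains or not all(isinstance(d, str) and d for d in domains):
        raise ValueError("domains must be a non-empty list of strings")
    return {
        "query": MUTATION,
        "variables": {
            "name": name,
            "tenantId": tenant_id,
            "clientID": client_id,
            "clientSecret": client_secret,
            "domains": list(domains),
            "enableDebug": bool(enable_debug),
        },
    }


def redacted(payload):
    """Deep copy of the payload that is safe to log: the secret is masked."""
    safe = copy.deepcopy(payload)
    safe["variables"]["clientSecret"] = "***"
    return safe


def parse_response(body):
    """Return the new IdP's id, or raise if the server reported GraphQL errors."""
    doc = json.loads(body)
    if doc.get("errors"):
        messages = "; ".join(e.get("message", "?") for e in doc["errors"])
        raise RuntimeError(f"mutation failed: {messages}")
    return doc["data"]["newAzureAdOidcIdentityProvider"]["id"]


def register_idp(base_url, api_token, payload, timeout=30):
    """POST the mutation to <base_url>/graphql (assumed path) with a bearer token."""
    request = urllib.request.Request(
        base_url.rstrip("/") + "/graphql",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {api_token}"},
        method="POST",
    )
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return parse_response(resp.read())


if __name__ == "__main__":
    # Environment variable names are this example's assumption.
    payload = build_payload(
        name="myAzure-IDP",
        tenant_id=os.environ["AZURE_TENANT_ID"],
        client_id=os.environ["AZURE_CLIENT_ID"],
        client_secret=os.environ["AZURE_CLIENT_SECRET"],
        domains=["humio"],
    )
    print("sending:", json.dumps(redacted(payload)["variables"]))
    idp_id = register_idp(os.environ["LOGSCALE_URL"],
                          os.environ["LOGSCALE_TOKEN"], payload)
    print("created IdP id:", idp_id)
```

Only `redacted(payload)` should ever reach a log line or a CI console; the unredacted payload goes to the HTTPS request body and nowhere else.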
Returned Datatypes
The returned datatype OidcIdentityProvider has several parameters. Below is a list of them along with a description of each:
Table: OidcIdentityProvider
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a value will always be returned.

Table last updated: Sep 27, 2024

Parameter | Type | Required | Default | Stability | Description
---|---|---|---|---|---
authenticationMethod | AuthenticationMethodAuth | yes | | Long-Term | The authentication method used. See AuthenticationMethodAuth.
authorizationEndpoint | string | | | Long-Term | A URL to the endpoint a user should be redirected to when authorizing.
clientId | string | yes | | Long-Term | The unique identifier for the client.
clientSecret | string | yes | | Long-Term | The password for the client.
debug | boolean | yes | | Long-Term | Whether debugging is enabled.
defaultIdp | boolean | yes | | Long-Term | Whether the identity provider is the default.
domains | [string] | yes | | Long-Term | The domains authorized by the OIDC identity providers.
federatedIdp | string | | | Long-Term | The Federated IdP.
groupsClaim | string | | | Long-Term | The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
humioManaged | boolean | yes | | Long-Term | Whether authentication is managed by LogScale.
id | string | yes | | Long-Term | The unique identifier for the OIDC identity provider.
issuer | string | yes | | Long-Term | The issuer of the OIDC authentication.
jwksEndpoint | string | | | Long-Term | A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
lazyCreateUsers | boolean | yes | | Long-Term | Whether to wait to create users until necessary.
name | string | yes | | Long-Term | The name of the OIDC identity provider.
registrationEndpoint | string | | | Long-Term | To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client.
scopeClaim | string | | | Long-Term | The scope claim.
scopes | [string] | yes | | Long-Term | Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile).
tokenEndpoint | string | | | Long-Term | A URL to the token endpoint used to exchange an authentication code for an access token. Required for clients.
tokenEndpointAuthMethod | string | yes | | Long-Term | A URL to the token endpoint used to exchange an authentication code for an access token. Required for clients.
userClaim | string | yes | | Long-Term | The name of the claim to interpret as the username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
userInfoEndpoint | string | | | Long-Term | A URL to the user info endpoint used to retrieve user information from an access token.