Identity as a Service: GetIdentityProvider

Last Updated: Jan 23, 2026

Retrieves the details of an identity provider.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| eiam:GetIdentityProvider | get | *IdentityProvider acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/identityprovider/{#IdentityProviderId} | None | None |
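A check for the resource scoping described above, as an added example (not Alibaba Cloud's code): it flags Allow statements in a RAM policy document that grant eiam:GetIdentityProvider on anything wider than a single IdP ARN. The sample policy, region, account ID and resource IDs are constructed placeholders, the helper names are hypothetical, and case-insensitive action matching is an assumption.

```python
import fnmatch

ACTION = "eiam:GetIdentityProvider"  # action name from the table above

def idp_arn(region, account, instance_id, idp_id):
    """Fill in the ARN template documented for the IdentityProvider resource."""
    return (f"acs:eiam:{region}:{account}:instance/{instance_id}"
            f"/identityprovider/{idp_id}")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _single_idp(resource):
    """True when the ARN names one instance and one IdP, with no wildcards."""
    _, sep, tail = resource.partition(":instance/")
    return bool(sep) and "/identityprovider/" in tail and not set("*?") & set(tail)

def overbroad_statements(policy):
    """Indexes of Allow statements granting ACTION on more than one IdP."""
    hits = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action patterns are compared case-insensitively (conservative assumption).
        if not any(fnmatch.fnmatchcase(ACTION.lower(), a.lower())
                   for a in _as_list(stmt.get("Action", []))):
            continue
        if not all(_single_idp(r) for r in _as_list(stmt.get("Resource", []))):
            hits.append(i)
    return hits

# Constructed policy for illustration; account and resource IDs are placeholders.
SAMPLE_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "eiam:GetIdentityProvider",
         "Resource": idp_arn("cn-hangzhou", "1234567890", "idaas_example", "idp_example")},
        {"Effect": "Allow", "Action": ["eiam:Get*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "eiam:*",
         "Resource": "acs:eiam:*:*:instance/idaas_example/identityprovider/*"},
        {"Effect": "Deny", "Action": "eiam:GetIdentityProvider", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(overbroad_statements(SAMPLE_POLICY))
```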

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| InstanceId | string | Yes | The instance ID. | idaas_ue2jvisn35ea5lmthk267xxxxx |
| IdentityProviderId | string | Yes | The ID of the identity provider (IdP). | idp_my664lwkhpicbyzirog3xxxxx |

Response elements

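Nested elements are listed with their full path; `[]` marks the items of an array.

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | | |
| IdentityProviderDetail | object | The details of the IdP. | |
| IdentityProviderDetail.AdvancedStatus | string | Indicates whether the advanced configuration feature is enabled. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.AuthnSourceSupplier | string | The authentication source product, such as Okta, Google, or Azure AD. Valid values: DingTalk: urn:alibaba:idaas:idp:alibaba:dingtalk; LDAP: urn:alibaba:idaas:idp:unknown:ldap; Alibaba Cloud IDaaS: urn:alibaba:idaas:idp:alibaba:idaas; WeCom: urn:alibaba:idaas:idp:tencent:wecom; Lark: urn:alibaba:idaas:idp:bytedance:lark; Active Directory: urn:alibaba:idaas:idp:microsoft:ad; Azure Active Directory: urn:alibaba:idaas:idp:microsoft:aad; Alibaba Cloud SASE: urn:alibaba:idaas:idp:alibaba:sase. | urn:alibaba:idaas:idp:bytedance:lark |
| IdentityProviderDetail.AuthnSourceType | string | The authentication method type. Valid values: OIDC: urn:alibaba:idaas:authntype:oidc; SAML: urn:alibaba:idaas:authntype:saml2. | urn:alibaba:idaas:authntype:oidc |
| IdentityProviderDetail.AuthnStatus | string | Indicates whether the IdP supports authentication. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.CreateTime | integer | The time when the IdP was created. This value is a UNIX timestamp. Unit: milliseconds. | 1726021079000 |
| IdentityProviderDetail.Description | string | The description of the IdP. | for poc test |
| IdentityProviderDetail.DingtalkAppConfig | object | The basic configurations for DingTalk. | |
| IdentityProviderDetail.DingtalkAppConfig.AppKey | string | The AppKey of the first-party application in DingTalk. | 41reopmwoy9s |
| IdentityProviderDetail.DingtalkAppConfig.AppSecret | string | The AppSecret of the first-party application in DingTalk. | REOQ6Cl55kriOd8NOBeqWYLKpHR4p6fdZxxxx |
| IdentityProviderDetail.DingtalkAppConfig.CorpId | string | The CorpId of the first-party application in DingTalk. | 3756043633237690761 |
| IdentityProviderDetail.DingtalkAppConfig.DingtalkVersion | string | The DingTalk version. Valid values: public_dingtalk: Standard DingTalk; private_dingtalk: Exclusive DingTalk. | public_dingtalk |
| IdentityProviderDetail.DingtalkAppConfig.EncryptKey | string | The EncryptKey of the DingTalk application. | 29003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d |
| IdentityProviderDetail.DingtalkAppConfig.VerificationToken | string | The VerificationToken of the DingTalk application. | 5ba9c127a7abe029003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d |
| IdentityProviderDetail.DingtalkAppConfig.DingtalkLoginVersion | string | The version of the DingTalk QR code logon feature. Valid values: old_version: The earlier version of DingTalk QR code logon; new_version: The later version of DingTalk QR code logon. | old_version |
| IdentityProviderDetail.DingtalkProvisioningConfig | object | The DingTalk synchronization configurations. This parameter is returned only for DingTalk IdPs. | |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedDepartmentIds | array<object> | The authorized DingTalk departments. | |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedDepartmentIds[] | object | | |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedDepartmentIds[].DeptId | string | The DingTalk department ID. | 123xxx444 |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedDepartmentIds[].DeptName | string | The name of the DingTalk department. | 测试部门 |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedUsers | array<object> | The list of authorized DingTalk accounts. | |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedUsers[] | object | | |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedUsers[].Name | string | The name of the DingTalk user. | 张三 |
| IdentityProviderDetail.DingtalkProvisioningConfig.AuthedUsers[].UserId | string | The user ID of the DingTalk user. | 130308333929200479 |
| IdentityProviderDetail.DingtalkProvisioningConfig.CorpId | string | The CorpId of the DingTalk enterprise. | ding_xxxxx |
| IdentityProviderDetail.DingtalkProvisioningConfig.CorpName | string | The name of the DingTalk enterprise. | 测试企业 |
| IdentityProviderDetail.IdentityProviderExternalId | string | The external ID of the IdP. | idp_xxxx |
| IdentityProviderDetail.IdentityProviderId | string | The ID of the IdP. | idp_mwpcwnhrimlr2horx7xgg7pp7y |
| IdentityProviderDetail.IdentityProviderName | string | The name of the IdP. | test |
| IdentityProviderDetail.IdentityProviderType | string | The synchronization type of the IdP. Inbound DingTalk: urn:alibaba:idaas:idp:alibaba:dingtalk:pull; Outbound DingTalk: urn:alibaba:idaas:idp:alibaba:dingtalk:push; Inbound WeCom: urn:alibaba:idaas:idp:tencent:wecom:pull; Inbound Lark: urn:alibaba:idaas:idp:bytedance:lark:pull; Inbound AD: urn:alibaba:idaas:idp:microsoft:ad:pull; Inbound LDAP: urn:alibaba:idaas:idp:unknown:ldap:pull; Standard OIDC: urn:alibaba:idaas:idp:standard:oidc; SASE-specific OIDC: urn:alibaba:idaas:idp:alibaba:sase. | urn:alibaba:idaas:idp:alibaba:dingtalk:push |
| IdentityProviderDetail.InstanceId | string | The instance ID. | idaas_x2df3bak3uwnapqm6xxxx |
| IdentityProviderDetail.LarkConfig | object | The Lark configurations. | |
| IdentityProviderDetail.LarkConfig.AppId | string | The corporate ID of the custom Lark application. | cli_a7a99f53a317100c |
| IdentityProviderDetail.LarkConfig.AppSecret | string | The AppSecret of the custom application in Lark. | *** |
| IdentityProviderDetail.LarkConfig.EnterpriseNumber | string | The enterprise code for Lark. | FX1231xxxx |
| IdentityProviderDetail.LarkConfig.EncryptKey | string | The EncryptKey of the custom application in Lark. | VkdWw91mdkrjVFr3ObNwefap21dfbZbK |
| IdentityProviderDetail.LarkConfig.VerificationToken | string | The VerificationToken of the custom application in Lark. | VkdWw91mdkrjVFr3ObNwefap21dfbZbK |
| IdentityProviderDetail.LastStatusCheckJobResult | string | The result of the last status check. | success |
| IdentityProviderDetail.LdapConfig | object | The information about the Active Directory (AD)/Lightweight Directory Access Protocol (LDAP) IdP. | |
| IdentityProviderDetail.LdapConfig.AdministratorPassword | string | The password of the AD/LDAP administrator account. | XXXX |
| IdentityProviderDetail.LdapConfig.AdministratorUsername | string | The AD/LDAP administrator account. | example.com |
| IdentityProviderDetail.LdapConfig.CertificateFingerprintStatus | string | Indicates whether to verify the certificate fingerprint. Valid values: disabled, enabled. | enabled |
| IdentityProviderDetail.LdapConfig.CertificateFingerprints | array | The list of certificate fingerprints. | |
| IdentityProviderDetail.LdapConfig.CertificateFingerprints[] | string | The SHA-256 fingerprint of the public key certificate. | asdsadaasd |
| IdentityProviderDetail.LdapConfig.LdapProtocol | string | The communication protocol for AD/LDAP. | ldap |
| IdentityProviderDetail.LdapConfig.LdapServerHost | string | The address of the AD/LDAP server. | 127.xx.xx.100 |
| IdentityProviderDetail.LdapConfig.LdapServerPort | integer | The port of the Active Directory (AD) or LDAP server. | 389 |
| IdentityProviderDetail.LdapConfig.StartTlsStatus | string | Indicates whether StartTLS is enabled. Valid values: disabled, enabled. | enabled |
| IdentityProviderDetail.LockReason | string | The reason why the IdP is locked. | financial |
| IdentityProviderDetail.NetworkAccessEndpointId | string | The network endpoint ID. | nae_mx4vsadfe6govkqkwckxxxx |
| IdentityProviderDetail.OidcConfig | object | The OpenID Connect (OIDC) IdP configurations. | |
| IdentityProviderDetail.OidcConfig.AuthnParam | object | The OIDC client authentication configurations. | |
| IdentityProviderDetail.OidcConfig.AuthnParam.AuthnMethod | string | The OIDC authentication method. | client_secret_post |
| IdentityProviderDetail.OidcConfig.AuthnParam.ClientId | string | The OIDC client ID. | mkv7rgt4d7i4u7zqtzev2mxxxx |
| IdentityProviderDetail.OidcConfig.AuthnParam.ClientSecret | string | The OIDC client secret. | CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx |
| IdentityProviderDetail.OidcConfig.EndpointConfig | object | The OIDC endpoint configurations. | |
| IdentityProviderDetail.OidcConfig.EndpointConfig.AuthorizationEndpoint | string | The OIDC authorization endpoint. | https://example.com/oauth/authorize |
| IdentityProviderDetail.OidcConfig.EndpointConfig.Issuer | string | The OIDC issuer. | https://example.com/oauth |
| IdentityProviderDetail.OidcConfig.EndpointConfig.JwksUri | string | The OIDC JSON Web Key Set (JWKS) URI. | https://example.com/oauth/jwks |
| IdentityProviderDetail.OidcConfig.EndpointConfig.TokenEndpoint | string | The OIDC token endpoint. | https://example.com/oauth/token |
| IdentityProviderDetail.OidcConfig.EndpointConfig.UserinfoEndpoint | string | The OIDC user information endpoint. | https://example.com/oauth/userinfo |
| IdentityProviderDetail.OidcConfig.GrantScopes | array | The list of OIDC authorization scopes. | openid |
| IdentityProviderDetail.OidcConfig.GrantScopes[] | string | The OIDC authorization scope. | ou_asdaq1addsxzdq1xxxx |
| IdentityProviderDetail.OidcConfig.GrantType | string | The OIDC grant type. | authorization_code |
| IdentityProviderDetail.OidcConfig.PkceChallengeMethod | string | The Proof Key for Code Exchange (PKCE) algorithm. Valid values: S256: SHA-256; plain: Plaintext. | S256 |
| IdentityProviderDetail.OidcConfig.PkceRequired | boolean | Indicates whether PKCE is used in the authorization code grant type. | true |
| IdentityProviderDetail.UdPullConfig | object | The inbound synchronization configurations. | |
| IdentityProviderDetail.UdPullConfig.GroupSyncStatus | string | Indicates whether to enable group synchronization. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.UdPullConfig.IncrementalCallbackStatus | string | The status of incremental callbacks. This parameter specifies whether to process incremental callback data from the IdP. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.UdPullConfig.UdSyncScopeConfig | object | The synchronization scope configurations. | |
| IdentityProviderDetail.UdPullConfig.UdSyncScopeConfig.SourceScopes | array | The list of source nodes for synchronization. | |
| IdentityProviderDetail.UdPullConfig.UdSyncScopeConfig.SourceScopes[] | string | The source node for synchronization. | ou_123xxxx |
| IdentityProviderDetail.UdPullConfig.UdSyncScopeConfig.TargetScope | string | The target node for synchronization. | ou_123xxxx |
| IdentityProviderDetail.UdPullStatus | string | Indicates whether the inbound synchronization feature is supported. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.UdPushConfig | object | The outbound synchronization configurations. | |
| IdentityProviderDetail.UdPushConfig.IncrementalCallbackStatus | string | This parameter is not in use. Ignore this parameter. | disabled |
| IdentityProviderDetail.UdPushConfig.UdSyncScopeConfigs | array<object> | The list of synchronization scope configurations. | |
| IdentityProviderDetail.UdPushConfig.UdSyncScopeConfigs[] | object | The synchronization scope configurations. | |
| IdentityProviderDetail.UdPushConfig.UdSyncScopeConfigs[].SourceScopes | array | The list of source nodes for synchronization. | |
| IdentityProviderDetail.UdPushConfig.UdSyncScopeConfigs[].SourceScopes[] | string | The source node for synchronization. Enter the organization ID. | ou_123xxxx |
| IdentityProviderDetail.UdPushConfig.UdSyncScopeConfigs[].TargetScope | string | The target node for synchronization. | ou_123xxxx |
| IdentityProviderDetail.UdPushStatus | string | Indicates whether the outbound synchronization feature is enabled. Valid values: disabled, enabled. | disabled |
| IdentityProviderDetail.UpdateTime | integer | The time when the IdP was last updated. This value is a UNIX timestamp. Unit: milliseconds. | 1726021079000 |
| IdentityProviderDetail.WeComConfig | object | The WeCom configuration information. | |
| IdentityProviderDetail.WeComConfig.AgentId | string | The ID of the custom application in WeCom. | 1242350 |
| IdentityProviderDetail.WeComConfig.AuthorizeCallbackDomain | string | The authorized callback domain. | https://example.com/xxxx |
| IdentityProviderDetail.WeComConfig.CorpId | string | The CorpId of the custom application in WeCom. | 3562012953454577801 |
| IdentityProviderDetail.WeComConfig.CorpSecret | string | The CorpSecret of the custom application in WeCom. | weaseiszjskejskaj12sjeszojxxxx |
| IdentityProviderDetail.WeComConfig.TrustableDomain | string | The trusted domain name. | https://example.com |
| IdentityProviderDetail.LogoUrl | string | The URL of the custom logo for the IdP. | https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg |
| RequestId | string | The request ID. | 0441BD79-92F3-53AA-8657-F8CE4A2B912A |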

Examples

Success response

JSON format

{
  "IdentityProviderDetail": {
    "AdvancedStatus": "disabled",
    "AuthnSourceSupplier": "urn:alibaba:idaas:idp:bytedance:lark",
    "AuthnSourceType": "urn:alibaba:idaas:authntype:oidc",
    "AuthnStatus": "disabled",
    "CreateTime": 1726021079000,
    "Description": "for poc test",
    "DingtalkAppConfig": {
      "AppKey": "41reopmwoy9s",
      "AppSecret": "REOQ6Cl55kriOd8NOBeqWYLKpHR4p6fdZxxxx",
      "CorpId": "3756043633237690761",
      "DingtalkVersion": "public_dingtalk",
      "EncryptKey": "29003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d",
      "VerificationToken": "5ba9c127a7abe029003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d",
      "DingtalkLoginVersion": "old_version"
    },
    "DingtalkProvisioningConfig": {
      "AuthedDepartmentIds": [
        {
          "DeptId": "123xxx444",
          "DeptName": "测试部门"
        }
      ],
      "AuthedUsers": [
        {
          "Name": "张三",
          "UserId": "130308333929200479"
        }
      ],
      "CorpId": "ding_xxxxx",
      "CorpName": "测试企业"
    },
    "IdentityProviderExternalId": "idp_xxxx",
    "IdentityProviderId": "idp_mwpcwnhrimlr2horx7xgg7pp7y",
    "IdentityProviderName": "test",
    "IdentityProviderType": "urn:alibaba:idaas:idp:alibaba:dingtalk:push",
    "InstanceId": "idaas_x2df3bak3uwnapqm6xxxx",
    "LarkConfig": {
      "AppId": "cli_a7a99f53a317100c",
      "AppSecret": "***",
      "EnterpriseNumber": "FX1231xxxx",
      "EncryptKey": "VkdWw91mdkrjVFr3ObNwefap21dfbZbK",
      "VerificationToken": "VkdWw91mdkrjVFr3ObNwefap21dfbZbK"
    },
    "LastStatusCheckJobResult": "success",
    "LdapConfig": {
      "AdministratorPassword": "XXXX",
      "AdministratorUsername": "example.com",
      "CertificateFingerprintStatus": "enabled",
      "CertificateFingerprints": [
        "asdsadaasd"
      ],
      "LdapProtocol": "ldap",
      "LdapServerHost": "127.xx.xx.100",
      "LdapServerPort": 389,
      "StartTlsStatus": "enabled"
    },
    "LockReason": "financial",
    "NetworkAccessEndpointId": "nae_mx4vsadfe6govkqkwckxxxx",
    "OidcConfig": {
      "AuthnParam": {
        "AuthnMethod": "client_secret_post",
        "ClientId": "mkv7rgt4d7i4u7zqtzev2mxxxx",
        "ClientSecret": "CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx"
      },
      "EndpointConfig": {
        "AuthorizationEndpoint": "https://example.com/oauth/authorize",
        "Issuer": "https://example.com/oauth",
        "JwksUri": "https://example.com/oauth/jwks",
        "TokenEndpoint": "https://example.com/oauth/token",
        "UserinfoEndpoint": "https://example.com/oauth/userinfo"
      },
      "GrantScopes": [
        "ou_asdaq1addsxzdq1xxxx"
      ],
      "GrantType": "authorization_code",
      "PkceChallengeMethod": "S256",
      "PkceRequired": true
    },
    "UdPullConfig": {
      "GroupSyncStatus": "disabled",
      "IncrementalCallbackStatus": "disabled",
      "UdSyncScopeConfig": {
        "SourceScopes": [
          "ou_123xxxx"
        ],
        "TargetScope": "ou_123xxxx"
      }
    },
    "UdPullStatus": "disabled",
    "UdPushConfig": {
      "IncrementalCallbackStatus": "disabled",
      "UdSyncScopeConfigs": [
        {
          "SourceScopes": [
            "ou_123xxxx"
          ],
          "TargetScope": "ou_123xxxx"
        }
      ]
    },
    "UdPushStatus": "disabled",
    "UpdateTime": 1726021079000,
    "WeComConfig": {
      "AgentId": "1242350",
      "AuthorizeCallbackDomain": "https://example.com/xxxx",
      "CorpId": "3562012953454577801",
      "CorpSecret": "weaseiszjskejskaj12sjeszojxxxx",
      "TrustableDomain": "https://example.com"
    },
    "LogoUrl": "https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg"
  },
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A"
}
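
Because this response carries fields documented as secrets, keys or tokens (AppSecret, ClientSecret, CorpSecret, AdministratorPassword, EncryptKey, VerificationToken), the following added example, which is not part of the original reference or of any Alibaba Cloud SDK, masks them before logging and flags weak LDAP and OIDC settings. The function names, finding labels and sample response are constructed for illustration.

```python
# Field names the response reference describes as secrets, keys or tokens.
SECRET_FIELDS = {"AppSecret", "ClientSecret", "CorpSecret",
                 "AdministratorPassword", "EncryptKey", "VerificationToken"}

def redact(node):
    """Return a copy of the response with secret-bearing fields masked."""
    if isinstance(node, dict):
        return {k: "<redacted>" if k in SECRET_FIELDS else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node

def audit(detail):
    """List weak settings found in one IdentityProviderDetail object."""
    findings = []
    ldap = detail.get("LdapConfig") or {}
    # "ldap" is the only LdapProtocol value shown on the page; it is treated
    # here as the cleartext protocol (assumption).
    if ldap.get("LdapProtocol") == "ldap" and ldap.get("StartTlsStatus") != "enabled":
        findings.append("ldap-without-starttls")
    if ldap and ldap.get("CertificateFingerprintStatus") != "enabled":
        findings.append("ldap-fingerprint-check-disabled")
    oidc = detail.get("OidcConfig") or {}
    if oidc and not oidc.get("PkceRequired"):
        findings.append("oidc-pkce-not-required")
    elif oidc.get("PkceChallengeMethod") == "plain":
        findings.append("oidc-pkce-plain")
    for name, url in (oidc.get("EndpointConfig") or {}).items():
        if not str(url).startswith("https://"):
            findings.append(f"oidc-endpoint-not-https:{name}")
    return findings

# Constructed sample response (not real data), shaped like the example above.
SAMPLE = {
    "IdentityProviderDetail": {
        "IdentityProviderId": "idp_constructed",
        "LdapConfig": {"AdministratorPassword": "constructed-password",
                       "LdapProtocol": "ldap", "StartTlsStatus": "disabled",
                       "CertificateFingerprintStatus": "disabled"},
        "OidcConfig": {"AuthnParam": {"ClientSecret": "constructed-secret"},
                       "EndpointConfig": {"Issuer": "http://idp.example.test"},
                       "PkceRequired": True, "PkceChallengeMethod": "plain"},
    },
    "RequestId": "constructed-request-id",
}

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(audit(SAMPLE["IdentityProviderDetail"]))
```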

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.