| Name | Type | Description | Notes |
|---|---|---|---|
| pk | UUID | [readonly] | |
| name | String | Source's display Name. | |
| slug | String | Internal source name, used in URLs. | |
| enabled | Bool | [optional] | |
| authenticationFlow | UUID | Flow to use when authenticating existing users. | [optional] |
| enrollmentFlow | UUID | Flow to use when enrolling new users. | [optional] |
| component | String | Get object component so that we know how to edit the object | [readonly] |
| verboseName | String | Return object's verbose_name | [readonly] |
| verboseNamePlural | String | Return object's plural verbose_name | [readonly] |
| metaModelName | String | Return internal model name | [readonly] |
| policyEngineMode | PolicyEngineMode | [optional] | |
| userMatchingMode | UserMatchingModeEnum | How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. | [optional] |
| managed | String | Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. | [readonly] |
| userPathTemplate | String | [optional] | |
| icon | String | Get the URL to the Icon. If the name is /static or starts with http it is returned as-is | [readonly] |
| preAuthenticationFlow | UUID | Flow used before authentication. | |
| issuer | String | Also known as Entity ID. Defaults the Metadata URL. | [optional] |
| ssoUrl | String | URL that the initial Login request is sent to. | |
| sloUrl | String | Optional URL if your IDP supports Single-Logout. | [optional] |
| allowIdpInitiated | Bool | Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. | [optional] |
| nameIdPolicy | NameIdPolicyEnum | NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient | [optional] |
| bindingType | BindingTypeEnum | [optional] | |
| verificationKp | UUID | When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. | [optional] |
| signingKp | UUID | Keypair used to sign outgoing Responses going to the Identity Provider. | [optional] |
| digestAlgorithm | DigestAlgorithmEnum | [optional] | |
| signatureAlgorithm | SignatureAlgorithmEnum | [optional] | |
| temporaryUserDeleteAfter | String | Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3). | [optional] |
This repository has been archived by the owner on Apr 17, 2024. It is now read-only.