Identity providers


Identity provider management

The identity offers service provides endpoints to manage external identity provider configurations. It is one of several related services that enable social login and inbound SAML login features in PingOne for Customers. An identity provider configuration allows linked users to authenticate and gain access to PingOne resources using the login flow and credentials provided by the external identity provider.

PingOne supports Facebook and SAML as external identity providers. The PingOne identity provider resource representing an external provider includes mapping attributes that reference the user attribute (or attributes) from the external identity provider that are mapped to PingOne user attributes.

The mapping attribute placeholder value must be expressed using the following syntax in the request body:

${providerAttributes.<IdP attribute name>}

For example, when Facebook is specified as the external identity provider, the PingOne username attribute must be mapped to the Facebook email attribute. The request body for this mapping looks like this, with the value attribute showing the Facebook email attribute expressed using the placeholder syntax:

{
    "name": "username",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.email}"
}

When SAML is specified as the external identity provider, any SAML attribute defined in the assertion can be used as the mapping attribute placeholder. The placeholder value must use the following syntax:

${providerAttributes.<SAML attribute name>}

The specified SAML attribute can be mapped to any searchable PingOne user attribute, such as username, name.family, name.given, email, phone, externalId, or population.id.

The following sample shows the request body to map the PingOne externalId attribute to an externalId attribute defined in the SAML assertion.

{
	"name": "externalId",
	"value": "${providerAttributes.externalId}",
	"update": "EMPTY_ONLY"
}

Note: The ${samlAssertion.subject} attribute is a special reserved placeholder to refer to the subject name ID in the SAML assertion response.

Identity provider API operations

The identity provider endpoints support the following operations:

Base identity provider data model

| Property | Description |
|---|---|
| description | A string that specifies the description of the identity provider. |
| enabled | A string that specifies the current enabled state of the identity provider. Options are ENABLED or DISABLED. |
| environment.id | A string that specifies the environment associated with the identity provider resource. |
| icon.id | The ID for the identity provider icon. |
| icon.href | The HREF for the identity provider icon. |
| id | A string that specifies the resource ID. |
| name | A string that specifies the name of the identity provider. This is a required property. |
| type | A string that specifies the identity provider type. This is a required property. Options are FACEBOOK and SAML. |

Mapping attributes data model

| Property | Description |
|---|---|
| mappingType | A string that specifies the mapping type. Options are: CORE (This attribute is required by the schema and cannot be removed. The name and update properties cannot be changed.) or CUSTOM (All user-created attributes are of this type.) |
| name | A string that specifies the user attribute, which is unique per provider. The attribute must not be defined as read only from the user schema or of type COMPLEX based on the user schema. Valid examples: username, and name.first. The following attributes may not be used: account, id, created, updated, lifecycle, mfaEnabled, and enabled. |
| value | A string that specifies a placeholder referring to the attribute (or attributes) from the provider. Placeholders must be valid for the attributes returned by the identity provider type and use the ${} syntax (for example, username="${email}"). For Facebook, see Facebook provider attributes. For SAML, any placeholder is acceptable, and it is mapped against the attributes available in the SAML assertion after authentication. The ${samlAssertion.subject} placeholder is a special reserved placeholder used to refer to the subject name ID in the SAML assertion response. |
| update | A string that specifies whether to update the user attribute in the directory with the non-empty mapped value from the identity provider. Options are: EMPTY_ONLY (only update the user attribute if it has an empty value); ALWAYS (always update the user attribute value). |

Facebook identity provider settings data model

| Property | Description |
|---|---|
| appId | A string that specifies the application ID from Facebook. This is a required property. |
| appSecret | A string that specifies the application secret from Facebook. This is a required property. |

SAML service provider settings data model

| Property | Description |
|---|---|
| authnRequestSigned | A boolean that specifies whether the SAML Authn Request will be signed when sending to the identity provider. The default value is False. |
| idpEntityId | A string that specifies the entity ID URI that is checked against the issuerId tag in the incoming response. |
| idpVerification.cert.id | A string that specifies the identity provider’s certificate ID to be used to verify the signature on the signed assertion from the identity provider. Signing is done with a private key and verified with a public key. |
| spEntityId | A string that specifies the service provider’s entity ID. |
| spSigning.key.id | A string that specifies the service provider’s signing key ID. |
| ssoBinding | A string that specifies the binding to use for the outbound request. |
| ssoEndpoint | A string that specifies the SSO endpoint to send the outbound request. |

SAML core attributes

| Property | Description |
|---|---|
| username | A string that specifies the core SAML attribute. The default value is ${samlAssertion.subject} and the default update value is EMPTY_ONLY. |

Facebook core attributes

| Property | Description |
|---|---|
| username | A string that specifies the core Facebook attribute. The default value is ${providerAttributes.email} and the default update value is EMPTY_ONLY. |

Facebook provider attributes

| Permission | Provider attributes |
|---|---|
| <default> | Options are: id, first_name, last_name, middle_name, name, name_format, and email. |
| USER_AGE_RANGE | Options are: age_range. |
| USER_BIRTHDAY | Options are: birthday. |
| USER_GENDER | Options are: gender. |
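
The mapping rules above (placeholder syntax, excluded attribute names, update options, and the Facebook attributes available per permission) can be checked before a mapping is sent to the API. The following Python validator is an added example, not PingOne code. It assumes that name, value and update are all required and enforces the ${providerAttributes.<name>} form; the function names and the dateOfBirth attribute are hypothetical.

```python
import re

# Rules copied from the data-model tables on this page.
FORBIDDEN_NAMES = {"account", "id", "created", "updated",
                   "lifecycle", "mfaEnabled", "enabled"}
UPDATE_OPTIONS = ("EMPTY_ONLY", "ALWAYS")
FACEBOOK_ATTRIBUTES = {
    "<default>": {"id", "first_name", "last_name", "middle_name",
                  "name", "name_format", "email"},
    "USER_AGE_RANGE": {"age_range"},
    "USER_BIRTHDAY": {"birthday"},
    "USER_GENDER": {"gender"},
}
PREFIX = "providerAttributes."
SAML_SUBJECT = "samlAssertion.subject"   # reserved placeholder, SAML only
PLACEHOLDER = re.compile(r"\$\{([^${}]*)\}")


def check_reference(idp_type, ref, permissions):
    """Return an error string for one placeholder body, or None if it is valid."""
    if ref == SAML_SUBJECT:
        if idp_type == "SAML":
            return None
        return f"${{{ref}}} is reserved for SAML providers"
    if not ref.startswith(PREFIX) or len(ref) == len(PREFIX):
        return f"${{{ref}}} is not of the form ${{providerAttributes.<name>}}"
    if idp_type == "FACEBOOK":
        # Facebook only returns attributes covered by the granted permissions.
        allowed = set(FACEBOOK_ATTRIBUTES["<default>"])
        for permission in permissions:
            allowed |= FACEBOOK_ATTRIBUTES.get(permission, set())
        attr = ref[len(PREFIX):]
        if attr not in allowed:
            return f"Facebook attribute '{attr}' is not available with {sorted(permissions)}"
    return None   # SAML: any attribute name from the assertion is acceptable


def validate_mapping(idp_type, mapping, permissions=()):
    """Return a list of problems found in one mapping-attribute request body."""
    problems = []
    name, value, update = (mapping.get(k) for k in ("name", "value", "update"))

    if not isinstance(name, str) or not name:
        problems.append("name: missing")
    elif name in FORBIDDEN_NAMES:
        problems.append(f"name: '{name}' may not be used")

    if update not in UPDATE_OPTIONS:
        problems.append(f"update: {update!r} is not EMPTY_ONLY or ALWAYS")

    if not isinstance(value, str) or not value:
        problems.append("value: missing")
        return problems
    refs = PLACEHOLDER.findall(value)
    if "${" in PLACEHOLDER.sub("", value):
        problems.append("value: unterminated or nested ${...} placeholder")
    elif not refs:
        problems.append("value: contains no ${...} placeholder")
    for ref in refs:
        error = check_reference(idp_type, ref, permissions)
        if error:
            problems.append("value: " + error)
    return problems


if __name__ == "__main__":
    # Constructed request bodies; the first repeats the Facebook sample on this page.
    samples = [
        ("FACEBOOK", {"name": "username", "update": "EMPTY_ONLY",
                      "value": "${providerAttributes.email}"}, ()),
        ("FACEBOOK", {"name": "dateOfBirth", "update": "ALWAYS",
                      "value": "${providerAttributes.birthday}"}, ()),
        ("SAML", {"name": "mfaEnabled", "update": "SOMETIMES",
                  "value": "${providerAttributes.mfa"}, ()),
    ]
    for idp_type, body, perms in samples:
        print(idp_type, body["name"], validate_mapping(idp_type, body, perms) or "OK")
```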

Attribute type mapping rules

| User attribute type | Provider JSON value type | Result |
|---|---|---|
| String | * | Valid. The value is cast at runtime, as necessary. |
| Complex | * | Error |
| Boolean | Boolean | Valid |
| Boolean | * | Error |
| JSON | Object | Valid |
| JSON | * | Error |
| JSON (sub-attribute) | * | Valid |

Response codes

| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |
| 500 | An unexpected error occurred. |

Endpoint examples

Get identity providers

The GET /environments/{environmentId}/identityProviders endpoint returns a list of all identity provider resources for the specified environment resource.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders"
        }
    },
    "_embedded": {
        "identityProviders": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/09470346-7851-4d35-9cdf-4a2dfe39ac2d"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                    },
                    "attributes": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/09470346-7851-4d35-9cdf-4a2dfe39ac2d/attributes"
                    }
                },
                "id": "09470346-7851-4d35-9cdf-4a2dfe39ac2d",
                "type": "FACEBOOK",
                "name": "FacebookIdP4",
                "description": "Custom Facebook ID Provider",
                "enabled": true,
                "environment": {
                    "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                },
                "createdAt": 1559332375020,
                "updatedAt": 1559332375020,
                "appId": "FBID",
                "appSecret": "FBSecret"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/24a838b3-0f97-439b-a5d5-7f202008533e"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                    },
                    "attributes": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/24a838b3-0f97-439b-a5d5-7f202008533e/attributes"
                    }
                },
                "id": "24a838b3-0f97-439b-a5d5-7f202008533e",
                "type": "FACEBOOK",
                "name": "FacebookIdP3",
                "description": "Custom Facebook ID Provider",
                "enabled": true,
                "environment": {
                    "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                },
                "createdAt": 1559332360091,
                "updatedAt": 1559332360091,
                "appId": "FBID",
                "appSecret": "FBSecret"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                    },
                    "attributes": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes"
                    }
                },
                "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a",
                "type": "FACEBOOK",
                "name": "FacebookIdP2",
                "description": "Custom Facebook ID Provider",
                "enabled": true,
                "environment": {
                    "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                },
                "icon": {
                    "id": "9765e2ec-f958-4a20-a178-3ba5f54d6477",
                    "href": "https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Oxygen-user-identity-female.svg/128px-Oxygen-user-identity-female.svg.png"
                },
                "createdAt": 1558567181201,
                "updatedAt": 1558567181201,
                "appId": "FBID",
                "appSecret": "FBSecret"
            }
        ]
    },
    "size": 3
}

Get one identity provider

The GET /environments/{environmentId}/identityProviders/{providerId} operation returns data only for the identity provider resource with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
        },
        "environment": {
            "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
        },
        "attributes": {
            "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes"
        }
    },
    "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a",
    "type": "FACEBOOK",
    "name": "FacebookIdP2",
    "description": "Custom Facebook ID Provider",
    "enabled": true,
    "environment": {
        "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
    },
    "icon": {
        "id": "9765e2ec-f958-4a20-a178-3ba5f54d6477",
        "href": "https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Oxygen-user-identity-female.svg/128px-Oxygen-user-identity-female.svg.png"
    },
    "createdAt": 1558567181201,
    "updatedAt": 1558567181201,
    "appId": "FBID",
    "appSecret": "FBSecret"
}

Add identity providers

The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
  "name": "FacebookIdP6",
  "description": "Facebook social media identity provider.",
  "enabled": false,
  "type": "FACEBOOK",
  "appId" : "appId",
  "appSecret": "appSecret"
}'

The response data for a FACEBOOK identity provider type looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/65fb47be-c71e-45b6-9c4c-e3deed8df116"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/65fb47be-c71e-45b6-9c4c-e3deed8df116/attributes"
        }
    },
    "id": "65fb47be-c71e-45b6-9c4c-e3deed8df116",
    "type": "FACEBOOK",
    "name": "FacebookIdP6",
    "description": "Facebook social media identity provider.",
    "enabled": false,
    "environment": {
        "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
    },
    "createdAt": "2019-06-17T18:03:45.785Z",
    "updatedAt": "2019-06-17T18:03:45.785Z",
    "appSecret": "FBSecret",
    "appId": "FBID"
}

When the type property value is set to FACEBOOK, Facebook’s appId and appSecret property values are required in the request body.

The following sample shows the request with the type property set to SAML. In addition, this sample uses an expand filter in the request URL to show SAML attribute details.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders?expand=attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
  "name": "SAMLIdP",
  "description": "this is SAML IdP test",
  "type": "SAML",
  "enabled": false,
  "spEntityId": "sp-{$timestamp}",
  "idpEntityId": "idp-{$timestamp}",
  "ssoBinding": "HTTP_POST",
  "ssoEndpoint": "https://idp.com/sso",
  "authnRequestSigned": false,
  "idpVerification": {
  	"cert": {
  		"id": "{idpVerificationCertId}"
  	}
  },
  "spSigning": {
  	"key": {
  		"id": "{spSigningId}"
  	}
  }
}'

The response data for a SAML identity provider type looks like this:

{
    "_links": {
        "self": {
            "href": "https://api-staging.pingone.com/v1/environments/c9900572-0d85-40b6-a228-f51ac7b67bc7/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b"
        },
        "environment": {
            "href": "https://api-staging.pingone.com/v1/environments/c9900572-0d85-40b6-a228-f51ac7b67bc7"
        },
        "attributes": {
            "href": "https://api-staging.pingone.com/v1/environments/c9900572-0d85-40b6-a228-f51ac7b67bc7/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b/attributes"
        }
    },
    "id": "a9e4e181-f520-4e6e-af30-d3559781ad1b",
    "type": "SAML",
    "name": "SAMLIdP",
    "description": "this is SAML IdP test",
    "enabled": false,
    "environment": {
        "id": "c9900572-0d85-40b6-a228-f51ac7b67bc7"
    },
    "createdAt": "2019-06-17T17:20:12.294Z",
    "updatedAt": "2019-06-17T17:20:12.294Z",
    "_embedded": {
        "attributes": [
            {
                "name": "username",
                "value": "${samlAssertion.subject}",
                "update": "EMPTY_ONLY",
                "id": "51a036c6-41ed-44f7-bd1d-eacaa2a1feab",
                "mappingType": "CORE",
                "environment": {
                    "id": "c9900572-0d85-40b6-a228-f51ac7b67bc7"
                },
                "identityProvider": {
                    "id": "a9e4e181-f520-4e6e-af30-d3559781ad1b"
                },
                "createdAt": "2019-06-17T17:20:12.294Z",
                "updatedAt": "2019-06-17T17:20:12.294Z"
            }
        ]
    },
    "authnRequestSigned": false,
    "ssoEndpoint": "https://idp.com/sso",
    "ssoBinding": "HTTP_POST",
    "idpVerification": {
        "cert": {
            "id": "ccdfe982-6766-48ef-b4fe-cad6c3403035"
        }
    },
    "spEntityId": "sp-1560792011",
    "spSigning": {
        "key": {
            "id": "a65318d7-eaa2-4070-bb73-ffe21a6fca06"
        }
    },
    "idpEntityId": "idp-1560792011"
}

Note: The _embedded attribute in the response lists the SAML attribute mapping resources associated with the new identity provider resource. This particular identity provider has only the default required mapping, in which the PingOne username attribute is mapped to the ${samlAssertion.subject} SAML attribute.
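
Provider resources returned by these endpoints include the Facebook appSecret property and, for SAML, the signing and verification settings from the data model above. The following Python is an added example, not PingOne code: it redacts appSecret before a response is logged and flags SAML providers by authnRequestSigned, idpVerification.cert.id and ssoEndpoint. The three checks are this example's own policy, and the sample response, its IDs and the function names are constructed.

```python
import copy
from urllib.parse import urlparse

SECRET_FIELDS = ("appSecret",)   # returned in the provider responses on this page


def redact(provider):
    """Return a deep copy of one identity provider resource that is safe to log."""
    safe = copy.deepcopy(provider)
    for field in SECRET_FIELDS:
        if field in safe:
            safe[field] = "***REDACTED***"
    return safe


def audit_saml(provider):
    """Return findings for one SAML provider (policy choices of this example)."""
    findings = []
    if provider.get("authnRequestSigned") is not True:
        findings.append("authnRequestSigned is not true: AuthnRequests are sent unsigned")
    cert = (provider.get("idpVerification") or {}).get("cert") or {}
    if not cert.get("id"):
        findings.append("idpVerification.cert.id is missing: no certificate to verify assertions")
    if urlparse(str(provider.get("ssoEndpoint") or "")).scheme != "https":
        findings.append("ssoEndpoint is not an https URL")
    return findings


def audit_response(response):
    """Walk a GET .../identityProviders response; return (redacted providers, findings)."""
    providers = (response.get("_embedded") or {}).get("identityProviders") or []
    findings = {}
    for provider in providers:
        if provider.get("type") == "SAML":
            problems = audit_saml(provider)
            if problems:
                findings[provider.get("name", provider.get("id"))] = problems
    return [redact(p) for p in providers], findings


# Constructed response in the shape shown on this page; IDs are placeholders.
SAMPLE_RESPONSE = {
    "_embedded": {"identityProviders": [
        {"id": "CONSTRUCTED-ID-1", "type": "FACEBOOK", "name": "FacebookIdP2",
         "enabled": True, "appId": "FBID", "appSecret": "FBSecret"},
        {"id": "CONSTRUCTED-ID-2", "type": "SAML", "name": "SAMLIdP",
         "enabled": False, "authnRequestSigned": False,
         "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.com/sso",
         "idpVerification": {"cert": {"id": "CONSTRUCTED-CERT-ID"}}},
        {"id": "CONSTRUCTED-ID-3", "type": "SAML", "name": "SAMLIdP-legacy",
         "enabled": True, "authnRequestSigned": True,
         "ssoBinding": "HTTP_POST", "ssoEndpoint": "http://idp.example/sso"},
        {"id": "CONSTRUCTED-ID-4", "type": "SAML", "name": "SAMLIdP-strict",
         "enabled": True, "authnRequestSigned": True,
         "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.example/sso",
         "idpVerification": {"cert": {"id": "CONSTRUCTED-CERT-ID"}}},
    ]},
    "size": 4,
}

if __name__ == "__main__":
    redacted, findings = audit_response(SAMPLE_RESPONSE)
    for provider in redacted:
        print(provider["name"], provider.get("appSecret", "-"))
    for name, problems in findings.items():
        for problem in problems:
            print(f"{name}: {problem}")
```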

Update an identity provider

To update a property value associated with a selected identity provider resource, use the PUT /environments/{environmentId}/identityProviders/{providerId} operation to modify the specified attribute values. For example, you can change the description attribute value of the identity provider.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
  "description": "My Facebook external identity provider."
}'

Delete an identity provider

To delete an identity provider resource, you need to specify the environment ID and the identity provider resource ID in the request URL. The DELETE /environments/{environmentId}/identityProviders/{providerId} operation deletes the identified identity provider resource.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}" \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.

Get identity provider attributes

The GET /environments/{environmentId}/identityProviders/{providerId}/attributes endpoint returns a list of all identity provider attribute resources for the specified identity provider resource.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes"
        }
    },
    "_embedded": {
        "attributes": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/d14033ff-cc74-4ea3-9170-400a877de472"
                    },
                    "identityProvider": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
                    }
                },
                "name": "username",
                "value": "${providerAttributes.email}",
                "update": "EMPTY_ONLY",
                "id": "d14033ff-cc74-4ea3-9170-400a877de472",
                "mappingType": "CORE",
                "environment": {
                    "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                },
                "identityProvider": {
                    "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
                },
                "createdAt": 1558567181201,
                "updatedAt": 1558567181201
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/065281f6-923d-483f-a63f-98888b0c7b01"
                    },
                    "identityProvider": {
                        "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
                    }
                },
                "name": "email",
                "value": "${providerAttributes.email}",
                "update": "EMPTY_ONLY",
                "id": "065281f6-923d-483f-a63f-98888b0c7b01",
                "mappingType": "CUSTOM",
                "environment": {
                    "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
                },
                "identityProvider": {
                    "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
                },
                "createdAt": 1559592542048,
                "updatedAt": 1559592542048
            }
        ]
    },
    "size": 2
}

Get one identity provider attribute

The GET /environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId} operation returns data only for the identity provider attribute resource with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId}" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/065281f6-923d-483f-a63f-98888b0c7b01"
        },
        "identityProvider": {
            "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
        }
    },
    "name": "email",
    "value": "${providerAttributes.email}",
    "update": "EMPTY_ONLY",
    "id": "065281f6-923d-483f-a63f-98888b0c7b01",
    "mappingType": "CUSTOM",
    "environment": {
        "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
    },
    "identityProvider": {
        "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
    },
    "createdAt": 1559592542048,
    "updatedAt": 1559592542048
}

Add identity provider attributes

The POST /environments/{environmentId}/identityProviders/{providerId}/attributes operation adds a new identity provider attribute mapping resource for the specified identity provider.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
    "name": "username",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.email}"
}'

The response data for the new Facebook identity provider attribute mapping looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/065281f6-923d-483f-a63f-98888b0c7b01"
        },
        "identityProvider": {
            "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
        }
    },
    "name": "username",
    "value": "${providerAttributes.email}",
    "update": "EMPTY_ONLY",
    "id": "065281f6-923d-483f-a63f-98888b0c7b01",
    "mappingType": "CUSTOM",
    "environment": {
        "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
    },
    "identityProvider": {
        "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
    },
    "createdAt": 1559592542048,
    "updatedAt": 1559592542048
}

The following sample shows the POST /environments/{environmentId}/identityProviders/{providerId}/attributes operation to add a SAML identity provider attribute resource for the specified identity provider.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
	"name": "externalId",
	"value": "${providerAttributes.externalId}",
	"update": "ALWAYS"
}'

The response data for the new SAML identity provider attribute mapping looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/c9900572-0d85-40b6-a228-f51ac7b67bc7/identityProviders/5cf3a911-174a-4d7a-8cc0-2d038a2de164/attributes/668d84f5-b848-4006-bb25-363214960c27"
        },
        "identityProvider": {
            "href": "https://api.pingone.com/environments/c9900572-0d85-40b6-a228-f51ac7b67bc7/identityProviders/5cf3a911-174a-4d7a-8cc0-2d038a2de164"
        }
    },
    "name": "externalId",
    "value": "${providerAttributes.externalId}",
    "update": "ALWAYS",
    "id": "668d84f5-b848-4006-bb25-363214960c27",
    "mappingType": "CUSTOM",
    "environment": {
        "id": "c9900572-0d85-40b6-a228-f51ac7b67bc7"
    },
    "identityProvider": {
        "id": "5cf3a911-174a-4d7a-8cc0-2d038a2de164"
    },
    "createdAt": 1559601707798,
    "updatedAt": 1559601707798
}

Update an identity provider attribute

To update a property value associated with a selected identity provider attribute resource, use the PUT /environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId} operation to modify the specified attribute values.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
	"name": "name.given",
	"value": "${providerAttributes.first_name}",
	"update": "EMPTY_ONLY"
}'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/065281f6-923d-483f-a63f-98888b0c7b01"
        },
        "identityProvider": {
            "href": "https://api.pingone.com/environments/9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
        }
    },
    "name": "name.given",
    "value": "${providerAttributes.first_name}",
    "update": "EMPTY_ONLY",
    "id": "065281f6-923d-483f-a63f-98888b0c7b01",
    "mappingType": "CUSTOM",
    "environment": {
        "id": "9ad15e9e-3ac6-43f7-a053-d46b87d6c4a7"
    },
    "identityProvider": {
        "id": "ad6e99f3-1053-4ce0-9623-09bab0a1c74a"
    },
    "createdAt": 1559592542048,
    "updatedAt": 1559593262040
}

Delete an identity provider attribute

To delete an identity provider attribute resource, you need to specify the environment ID, the identity provider resource ID, and the attribute ID in the request URL. The DELETE /environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId} operation deletes the identified identity provider attribute resource.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/identityProviders/{providerId}/attributes/{attributeId}" \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.