Identity propagation store metadata entities represent the configuration properties for the store type. The configuration
attribute specifies connection information for a store. The response returns the identity store metadata, specifically the connectionProfiles
and the connectionAttributes
metadata. The connection profile data provides the information needed to create the identity store configuration connection, and the connection attribute metadata describes available attribute details for target identity store attribute mappings.
The bodies for the Identity Propagation Store Metadata requests can be the store type configuration or an empty body (that is, {}
and not no body at all). If there is any body content, the service attempts to use the configuration to connect to the store provider (provisioner) to get dynamic metadata, if the provisioner supports that. The body can be empty, which returns the basic static metadata, but if the configuration of the store is in the body, some provisioners support getting dynamic attribute metadata when the store provider is queried for user attributes that may include additional attributes. Examples include the maximum configurable metadata for each store type.
For more information about identity stores, see Propagation stores.
You need the Environment Admin role to perform operations on identity propagation store metadata entities.
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
information |
Object | N/A | Read-only | General information on the connection as described in Properties of information{} |
connectionProfiles |
Object[] | N/A | Read-only | Array of objects that define different profiles for the connection, such as defining different authentication methods described in Properties of connectionProfiles[] |
attributeMetadata |
Object | N/A | Read-only | List of all attributes of the connection described in Properties of attributeMetadata{} |
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
baseURLRequired |
Boolean | N/A | Read-only | Whether a base URL is required |
connectionInformationRequired |
Boolean | N/A | Read-only | Whether connection information is required |
displayName |
String | N/A | Read-only | Suggested text to show for this connection on a user interface |
identityProvider |
Boolean | N/A | Read-only | Whether the store is an identity provider |
imageUrl |
String | N/A | Read-only | URL to an image for the store |
key |
String | N/A | Read-only | Type of connection; can be Aquera , AzureActiveDirectorySAML2 , directory , PingOne , Salesforce , SalesforceContacts , scim , Slack , Workday , or Zoom |
version |
String | N/A | Read-only | Version of this metadata |
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
connectionAttributes.description |
String | N/A | Read-only | Description of the attribute |
connectionAttributes.displayLabel |
String | N/A | Read-only | Suggested text to show for this attribute on a user interface |
connectionAttributes.key |
String | N/A | Read-only | JSON key used to retrieve the attribute value |
connectionAttributes.possibleValues |
String[] | N/A | Read-only | Array of all permitted values for this attribute |
connectionAttributes.required |
Boolean | N/A | Read-only | Whether the attribute is required |
connectionAttributes.sensitive |
Boolean | N/A | Read-only | Whether the attribute is sensitive and requires special handling. Examples of sensitive attributes are passwords and credit card information |
connectionAttributes.typeBoolean |
Boolean | N/A | Read-only | Whether the attribute is a boolean data type |
description |
String | N/A | Read-only | Description of the connection |
documentationUrl |
String | N/A | Read-only | URL to the documentation for the store |
name |
String | N/A | Read-only | Unique name for the connection |
primary |
Boolean | N/A | Read-only | Whether this is the primary identity store |
specUrl |
String | N/A | Read-only | URL to the specification for the store |
The attributeMetadata
object contains two objects, userAttributes
and groupAttributes
, that merit further explanation. Each object contains any number of keys, whose values are objects and named like homeStreetAddress
or workPostalCode
, that represent a specific attribute of users or groups in the store of the connection. These attribute objects have properties defined in Properties of attributes within userAttributes{} and groupAttributes{} that are common to userAttributes
and groupAttributes
.
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
capabilities.maxResources |
Integer | N/A | Read-only | Maximum permitted quantity of this capability |
capabilities.type |
String | N/A | Read-only | Represents the capability |
enhancements |
String[] | N/A | Read-only | Array of enhancements (specific behaviors that the provisioner supports), specifically: treat membership as an attribute of a user (MEMBERSHIP_AS_USER_ATTRIBUTE ); treat membership as an attribute on a group (MEMBERSHIP_AS_GROUP_ATTRIBUTE ); has a get changed type that returns changes across multiple resource-sets (CAN_HANDLE_GET_ALL_CHANGED ); operators supported by GET_MATCHING_USERS (OP_AND , OP_OR , OP_NOT , OP_EQ , OP_NE , OP_GT , OP_LT , OP_GTE , _LTE, OP_IN ) |
userAttributes |
Object | N/A | Read-only | User attributes, each an object containing the properties of the attribute |
groupAttributes |
Object | N/A | Read-only | Group attributes, each an object containing the properties of the attribute |
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
attributeType |
String | N/A | Read-only | Type of attribute. This can be STRING , DECIMAL , INTEGER , BOOLEAN |
byteLength |
Integer | N/A | Read-only | Maximum size of the field in bytes for an INTEGER attribute |
caseSensitive |
Boolean | N/A | Read-only | Whether value is case sensitive for a STRING attribute |
creatable |
Boolean | N/A | Read-only | Whether the attribute can be created |
defaultValue |
N/A | Read-only | Value that is used as the attribute value if no value is provided in the request and defaultedOnCreate is true |
|
defaultedOnCreate |
Boolean | N/A | Read-only | Whether the attribute is defaulted, requires either a provided value or defaultValue , when created |
derived |
Boolean | N/A | Read-only | Whether the attribute is derived from the value of another attribute |
digits |
Integer | N/A | Read-only | Maximum number of digits permitted for an INTEGER attribute |
displayName |
String | N/A | Read-only | Suggested text for this attribute to show on a user interfacee |
distinguishingAttribute |
Boolean | N/A | Read-only | Whether this attribute can be used as a “secondary GET” option. } |
key |
String | N/A | Read-only | JSON key used to retrieve the user or group attribute value |
maxLength |
Integer | N/A | Read-only | Maximum number of characters permitted for a STRING attribute |
maxNumberOfValues |
Integer | N/A | Read-only | If the attribute is a collection of values (multi-valued), maximum number of values permitted |
minLength |
Integer | N/A | Read-only | Minimum number of characters permitted for a STRING attribute |
minNumberOfValues |
Integer | N/A | Read-only | If the attribute is a collection of values (multi-valued), minimum number of values permitted |
nillable |
Boolean | N/A | Read-only | Whether the attribute value can be empty or null-valued |
ordered |
Boolean | N/A | Read-only | Whether the order of the attribute collection matters |
pattern |
String | N/A | Read-only | Regular expression pattern which describes the attribute |
picklistValues |
N/A | Read-only | Array of all permitted values for this attribute | |
precision |
Integer | N/A | Read-only | Maximum quantity of digits that can be stored to the right of the decimal point for a DECIMAL attribute, excludes the decimal point itself |
referenceAttribute |
String[] | N/A | Read-only | Array of other names by which the attribute may be referenced, such as emailAddress for email |
requiredOnCreate |
Boolean | N/A | Read-only | Whether the attribute is required when credating the connection |
requiredOnUpdate |
Boolean | N/A | Read-only | Whether the attribute is required when updating the connection |
scale |
Integer | N/A | Read-only | Maximum quantity of digits that can be stored to the left of the decimal for a DECIMAL attribute |
sensitive |
Boolean | N/A | Read-only | Whether the attribute is sensitive and requires special handling, such as passwords and credit card information |
standard |
String | N/A | Read-only | ISO standard applicable to the attribute |
type |
String | N/A | Read-only | Data type of the attribute; can be STRING , DECIMAL , INTEGER , BOOLEAN |
unique |
Boolean | N/A | Read-only | Whether the attribute value must be unique |
updateable |
Boolean | N/A | Read-only | Whether the attribute can be updated |
Code | Message |
---|---|
201 | Successfully created. |
400 | The request could not be completed. |