Identity propagation store metadata entities represent the configuration properties for the store type. The configuration attribute specifies connection information for a store. The response returns the identity store metadata, specifically the connectionProfiles and the connectionAttributes metadata. The connection profile data provides the information needed to create the identity store configuration connection, and the connection attribute metadata describes available attribute details for target identity store attribute mappings.

The body of an Identity Propagation Store Metadata request can be the store type configuration or an empty JSON object (that is, {}, not an absent body). An empty body returns the basic static metadata. If the body has any content, the service attempts to use that configuration to connect to the store provider (provisioner) and get dynamic metadata, if the provisioner supports that. Some provisioners support getting dynamic attribute metadata when the store provider is queried for user attributes, which may include additional attributes. Examples include the maximum configurable metadata for each store type.

For more information about identity stores, see Propagation stores.

You need the Environment Admin role to perform operations on identity propagation store metadata entities.

Propagation Store Metadata Data Model {#propagation-store-metadata-data-model}

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| information | Object | N/A | Read-only | General information on the connection as described in Properties of information{} |
| connectionProfiles | Object[] | N/A | Read-only | Array of objects that define different profiles for the connection, such as defining different authentication methods described in Properties of connectionProfiles[] |
| attributeMetadata | Object | N/A | Read-only | List of all attributes of the connection described in Properties of attributeMetadata{} |

Properties of information{} {#properties-of-information}

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| baseURLRequired | Boolean | N/A | Read-only | Whether a base URL is required |
| connectionInformationRequired | Boolean | N/A | Read-only | Whether connection information is required |
| displayName | String | N/A | Read-only | Suggested text to show for this connection on a user interface |
| identityProvider | Boolean | N/A | Read-only | Whether the store is an identity provider |
| imageUrl | String | N/A | Read-only | URL to an image for the store |
| key | String | N/A | Read-only | Type of connection; can be Aquera, AzureActiveDirectorySAML2, directory, PingOne, Salesforce, SalesforceContacts, scim, Slack, Workday, or Zoom |
| version | String | N/A | Read-only | Version of this metadata |

Properties of connectionProfiles[] {#properties-of-connectionprofiles}

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| connectionAttributes.description | String | N/A | Read-only | Description of the attribute |
| connectionAttributes.displayLabel | String | N/A | Read-only | Suggested text to show for this attribute on a user interface |
| connectionAttributes.key | String | N/A | Read-only | JSON key used to retrieve the attribute value |
| connectionAttributes.possibleValues | String[] | N/A | Read-only | Array of all permitted values for this attribute |
| connectionAttributes.required | Boolean | N/A | Read-only | Whether the attribute is required |
| connectionAttributes.sensitive | Boolean | N/A | Read-only | Whether the attribute is sensitive and requires special handling. Examples of sensitive attributes are passwords and credit card information |
| connectionAttributes.typeBoolean | Boolean | N/A | Read-only | Whether the attribute is a boolean data type |
| description | String | N/A | Read-only | Description of the connection |
| documentationUrl | String | N/A | Read-only | URL to the documentation for the store |
| name | String | N/A | Read-only | Unique name for the connection |
| primary | Boolean | N/A | Read-only | Whether this is the primary identity store |
| specUrl | String | N/A | Read-only | URL to the specification for the store |
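
The connectionAttributes metadata can drive a client-side check of a store configuration before it is submitted, and a log-safe copy of that configuration. The following is an added example, not code from the product or its documentation; it assumes connectionAttributes is an array of objects inside each profile, and the attribute keys (BASE_URL, AUTH_TYPE, CLIENT_SECRET) are constructed placeholders.

```python
# Constructed sample: one entry of connectionProfiles[]. The nesting of
# connectionAttributes as a list of objects is an assumption; keys are placeholders.
SAMPLE_PROFILE = {
    "name": "Example Profile",
    "primary": True,
    "connectionAttributes": [
        {"key": "BASE_URL", "required": True, "sensitive": False},
        {"key": "AUTH_TYPE", "required": True, "sensitive": False,
         "possibleValues": ["BASIC", "OAUTH"]},
        {"key": "CLIENT_SECRET", "required": False, "sensitive": True},
    ],
}


def validate_configuration(profile, configuration):
    """List problems in a configuration; messages never echo attribute values."""
    problems = []
    known = {a["key"]: a for a in profile["connectionAttributes"]}
    for key, attr in known.items():
        value = configuration.get(key)
        empty = value in (None, "")
        if attr.get("required") and empty:
            problems.append(f"missing required attribute: {key}")
        allowed = attr.get("possibleValues")
        if not empty and allowed and value not in allowed:
            problems.append(f"value for {key} not in possibleValues")
    for key in configuration:
        if key not in known:
            problems.append(f"unknown attribute: {key}")
    return problems


def redact_for_logging(profile, configuration, mask="***"):
    """Return a copy that is safe to log, leaving the input untouched."""
    attrs = profile["connectionAttributes"]
    known = {a["key"] for a in attrs}
    sensitive = {a["key"] for a in attrs if a.get("sensitive")}
    redacted = {}
    for key, value in configuration.items():
        # Fail closed: mask keys flagged sensitive and keys the metadata
        # does not describe, since their sensitivity is unknown.
        hide = key in sensitive or key not in known
        redacted[key] = mask if hide else value
    return redacted
```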

Properties of attributeMetadata{} {#properties-of-attributemetadata}

The attributeMetadata object contains two objects, userAttributes and groupAttributes, that merit further explanation. Each object contains any number of keys, named like homeStreetAddress or workPostalCode, whose values are objects that each represent a specific attribute of users or groups in the store of the connection. These attribute objects share a common set of properties, defined in Properties of attributes within userAttributes{} and groupAttributes{}.

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| capabilities.maxResources | Integer | N/A | Read-only | Maximum permitted quantity of this capability |
| capabilities.type | String | N/A | Read-only | Represents the capability |
| enhancements | String[] | N/A | Read-only | Array of enhancements (specific behaviors that the provisioner supports), specifically: treat membership as an attribute of a user (MEMBERSHIP_AS_USER_ATTRIBUTE); treat membership as an attribute on a group (MEMBERSHIP_AS_GROUP_ATTRIBUTE); has a get changed type that returns changes across multiple resource-sets (CAN_HANDLE_GET_ALL_CHANGED); operators supported by GET_MATCHING_USERS (OP_AND, OP_OR, OP_NOT, OP_EQ, OP_NE, OP_GT, OP_LT, OP_GTE, _LTE, OP_IN) |
| userAttributes | Object | N/A | Read-only | User attributes, each an object containing the properties of the attribute |
| groupAttributes | Object | N/A | Read-only | Group attributes, each an object containing the properties of the attribute |

Properties of attributes within userAttributes{} and groupAttributes{} {#properties-of-attributes-within-userAttributes-and-groupAttributes}

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| attributeType | String | N/A | Read-only | Type of attribute. This can be STRING, DECIMAL, INTEGER, BOOLEAN |
| byteLength | Integer | N/A | Read-only | Maximum size of the field in bytes for an INTEGER attribute |
| caseSensitive | Boolean | N/A | Read-only | Whether value is case sensitive for a STRING attribute |
| creatable | Boolean | N/A | Read-only | Whether the attribute can be created |
| defaultValue | | N/A | Read-only | Value that is used as the attribute value if no value is provided in the request and defaultedOnCreate is true |
| defaultedOnCreate | Boolean | N/A | Read-only | Whether the attribute is defaulted, requires either a provided value or defaultValue, when created |
| derived | Boolean | N/A | Read-only | Whether the attribute is derived from the value of another attribute |
| digits | Integer | N/A | Read-only | Maximum number of digits permitted for an INTEGER attribute |
| displayName | String | N/A | Read-only | Suggested text for this attribute to show on a user interface |
| distinguishingAttribute | Boolean | N/A | Read-only | Whether this attribute can be used as a “secondary GET” option |
| key | String | N/A | Read-only | JSON key used to retrieve the user or group attribute value |
| maxLength | Integer | N/A | Read-only | Maximum number of characters permitted for a STRING attribute |
| maxNumberOfValues | Integer | N/A | Read-only | If the attribute is a collection of values (multi-valued), maximum number of values permitted |
| minLength | Integer | N/A | Read-only | Minimum number of characters permitted for a STRING attribute |
| minNumberOfValues | Integer | N/A | Read-only | If the attribute is a collection of values (multi-valued), minimum number of values permitted |
| nillable | Boolean | N/A | Read-only | Whether the attribute value can be empty or null-valued |
| ordered | Boolean | N/A | Read-only | Whether the order of the attribute collection matters |
| pattern | String | N/A | Read-only | Regular expression pattern which describes the attribute |
| picklistValues | [] | N/A | Read-only | Array of all permitted values for this attribute |
| precision | Integer | N/A | Read-only | Maximum quantity of digits that can be stored to the right of the decimal point for a DECIMAL attribute, excludes the decimal point itself |
| referenceAttribute | String[] | N/A | Read-only | Array of other names by which the attribute may be referenced, such as emailAddress for email |
| requiredOnCreate | Boolean | N/A | Read-only | Whether the attribute is required when creating the connection |
| requiredOnUpdate | Boolean | N/A | Read-only | Whether the attribute is required when updating the connection |
| scale | Integer | N/A | Read-only | Maximum quantity of digits that can be stored to the left of the decimal for a DECIMAL attribute |
| sensitive | Boolean | N/A | Read-only | Whether the attribute is sensitive and requires special handling, such as passwords and credit card information |
| standard | String | N/A | Read-only | ISO standard applicable to the attribute |
| type | String | N/A | Read-only | Data type of the attribute; can be STRING, DECIMAL, INTEGER, BOOLEAN |
| unique | Boolean | N/A | Read-only | Whether the attribute value must be unique |
| updateable | Boolean | N/A | Read-only | Whether the attribute can be updated |
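
The per-attribute properties above are enough to reject a bad value before it is propagated to the target store. The following is an added example, not code from the product or its documentation; the sample attributes and their limits are constructed, and treating pattern as a full-match Python-compatible regular expression is an assumption.

```python
import re

# Constructed sample of attributeMetadata.userAttributes (names and limits illustrative).
USER_ATTRIBUTES = {
    "email": {"key": "email", "type": "STRING", "minLength": 3, "maxLength": 64,
              "pattern": r"[^@\s]+@[^@\s]+", "nillable": False,
              "requiredOnCreate": True},
    "locale": {"key": "locale", "type": "STRING", "picklistValues": ["en", "fr"],
               "nillable": True},
    "employeeNumber": {"key": "employeeNumber", "type": "INTEGER", "digits": 6,
                       "nillable": True},
}


def check_value(meta, value):
    """Return the constraint violations for one value against its metadata."""
    if value is None or value == "":
        return [] if meta.get("nillable") else ["value may not be empty"]
    errors = []
    kind = meta.get("type")
    if kind == "STRING":
        if not isinstance(value, str):
            return ["expected STRING"]
        if "maxLength" in meta and len(value) > meta["maxLength"]:
            errors.append("longer than maxLength")
        if "minLength" in meta and len(value) < meta["minLength"]:
            errors.append("shorter than minLength")
        # Assumption: pattern must match the whole value.
        if meta.get("pattern") and not re.fullmatch(meta["pattern"], value):
            errors.append("does not match pattern")
    elif kind == "INTEGER":
        if isinstance(value, bool) or not isinstance(value, int):
            return ["expected INTEGER"]
        if "digits" in meta and len(str(abs(value))) > meta["digits"]:
            errors.append("more digits than permitted")
    if meta.get("picklistValues") and value not in meta["picklistValues"]:
        errors.append("not in picklistValues")
    return errors


def check_user_for_create(user_attributes, user):
    """Map attribute name -> violations for a user about to be created."""
    report = {}
    for name, meta in user_attributes.items():
        if name not in user:
            if meta.get("requiredOnCreate") and not meta.get("defaultedOnCreate"):
                report[name] = ["required on create"]
        elif errors := check_value(meta, user[name]):
            report[name] = errors
    return report
```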

Response codes

| Code | Message |
|---|---|
| 201 | Successfully created. |
| 400 | The request could not be completed. |