Create an OIDC identity provider.
Public Preview: The atlas api sub-command, automatically generated from the MongoDB Atlas Admin API, offers full coverage of the Admin API and is currently in Public Preview (please provide feedback at https://feedback.mongodb.com/forums/930808-atlas-cli). Admin API capabilities have their own release lifecycle, which you can check via the provided API endpoint documentation link.
Syntax
atlas federatedAuthentication federationSettings identityProvider create oidc [displayName] [options]
Arguments
Name | Type | Required | Description |
|---|---|---|---|
displayName | string | false | The Identity Provider display name. |
Options
Name | Type | Required | Description |
|---|---|---|---|
--associatedDomain | strings | false | List of domains associated with the Identity Provider. |
--audience | string | true | Identifier of the intended recipient of the token. |
--authorizationType | string | true | Type of authorization. Valid values are GROUP or USER. |
--clientId | string | false | Client identifier that is assigned to an application by the Identity Provider. |
--desc | string | true | Description of the Identity Provider. |
--federationSettingsId | string | true | Unique 24-hexadecimal digit string that identifies the federation settings. |
--groupsClaim | string | true | Identifier of the claim which contains IdP Group IDs in the token. |
-h, --help | false | help for oidc | |
--idpType | string | true | Type of Identity Provider. Valid values are WORKFORCE or WORKLOAD. |
--issuerUri | string | true | Unique string that identifies the issuer of the OIDC metadata/discovery document URL. |
-o, --output | string | false | Output format. Valid values are json, json-path, go-template, or go-template-file. To see the full output, use the -o json option. |
--requestedScope | strings | false | Scopes that MongoDB applications will request from the authorization endpoint. |
--userClaim | string | true | Identifier of the claim which contains the user ID in the token. |
Inherited Options
Name | Type | Required | Description |
|---|---|---|---|
-P, --profile | string | false | Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings. |
Output
If the command succeeds, the CLI returns output similar to the following sample. Values in brackets represent your values.
Identity provider '<Id>' created.
Examples
# Create an identity provider with name IDPName and from your federation settings with federationSettingsId 5d1113b25a115342acc2d1aa. atlas federatedAuthentication federationSettings identityProvider create oidc IDPName --audience "audience" --authorizationType "GROUP" --clientId clientId --desc "IDPName test" --federationSettingsId "5d1113b25a115342acc2d1aa" --groupsClaim "groups" --idpType "WORKLOAD" --issuerUri uri" --userClaim "user" --associatedDomain "domain"