# Create One Identity Provider

**POST /api/atlas/v2/federationSettings/{federationSettingsId}/identityProviders**

Creates one identity provider within the specified federation. To use this resource, the requesting Service Account or API Key must have the Organization Owner role in one of the connected organizations.

**Note**: This resource only supports the creation of OIDC identity providers.

## Servers

- https://cloud.mongodb.com

## Authentication methods

- Service accounts
- Digest auth

## Parameters

### Path parameters

- **federationSettingsId** (string) Unique 24-hexadecimal digit string that identifies your federation.

### Query parameters

- **envelope** (boolean) Flag that indicates whether Application wraps the response in an `envelope` JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

### Body: application/vnd.atlas.2023-11-15+json (object)

The identity provider that you want to create.

- **audience** (string) Identifier of the intended recipient of the token.
- **authorizationType** (string) Indicates whether authorization is granted based on group membership or user ID.
- **description** (string) The description of the identity provider.
- **displayName** (string) Human-readable label that identifies the identity provider.
- **groupsClaim** (string) Identifier of the claim which contains IdP Group IDs in the token.
- **idpType** (string) String enum that indicates the type of the identity provider. Default is WORKFORCE.
- **issuerUri** (string) Unique string that identifies the issuer of the SAML Assertion or OIDC metadata/discovery document URL.
- **protocol** (string) String enum that indicates the protocol of the identity provider. Either SAML or OIDC.
- **userClaim** (string) Identifier of the claim which contains the user ID in the token.
- **associatedDomains** (array[string]) List that contains the domains associated with the identity provider.
- **clientId** (string) Client identifier that is assigned to an application by the Identity Provider.
- **requestedScopes** (array[string]) Scopes that MongoDB applications will request from the authorization endpoint.

## Responses

### 200 OK

#### Body: application/vnd.atlas.2023-11-15+json (object)

- **associatedOrgs** (array[object]) List that contains the connected organization configurations associated with the identity provider.
- **audience** (string) Identifier of the intended recipient of the token.
- **authorizationType** (string) Indicates whether authorization is granted based on group membership or user ID.
- **createdAt** (string(date-time)) Date that the identity provider was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- **description** (string) The description of the identity provider.
- **displayName** (string) Human-readable label that identifies the identity provider.
- **groupsClaim** (string) Identifier of the claim which contains IdP Group IDs in the token.
- **id** (string) Unique 24-hexadecimal digit string that identifies the identity provider.
- **idpType** (string) String enum that indicates the type of the identity provider. Default is WORKFORCE.
- **issuerUri** (string) Unique string that identifies the issuer of the SAML Assertion or OIDC metadata/discovery document URL.
- **oktaIdpId** (string) Legacy 20-hexadecimal digit string that identifies the identity provider.
- **protocol** (string) String enum that indicates the protocol of the identity provider. Either SAML or OIDC.
- **updatedAt** (string(date-time)) Date that the identity provider was last updated on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- **userClaim** (string) Identifier of the claim which contains the user ID in the token.
- **associatedDomains** (array[string]) List that contains the domains associated with the identity provider.
- **clientId** (string) Client identifier that is assigned to an application by the Identity Provider.
- **requestedScopes** (array[string]) Scopes that MongoDB applications will request from the authorization endpoint.

### 400 Bad Request.

#### Body: application/json (object)

- **badRequestDetail** (object) Bad request detail.
- **detail** (string) Describes the specific conditions or reasons that cause each type of error.
- **error** (integer(int32)) HTTP status code returned with this error.
- **errorCode** (string) Application error code returned with this error.
- **parameters** (array[object]) Parameters used to give more information about the error.
- **reason** (string) Application error message returned with this error.

### 401 Unauthorized.

#### Body: application/json (object)

- **badRequestDetail** (object) Bad request detail.
- **detail** (string) Describes the specific conditions or reasons that cause each type of error.
- **error** (integer(int32)) HTTP status code returned with this error.
- **errorCode** (string) Application error code returned with this error.
- **parameters** (array[object]) Parameters used to give more information about the error.
- **reason** (string) Application error message returned with this error.

### 403 Forbidden.

#### Body: application/json (object)

- **badRequestDetail** (object) Bad request detail.
- **detail** (string) Describes the specific conditions or reasons that cause each type of error.
- **error** (integer(int32)) HTTP status code returned with this error.
- **errorCode** (string) Application error code returned with this error.
- **parameters** (array[object]) Parameters used to give more information about the error.
- **reason** (string) Application error message returned with this error.

### 404 Not Found.

#### Body: application/json (object)

- **badRequestDetail** (object) Bad request detail.
- **detail** (string) Describes the specific conditions or reasons that cause each type of error.
- **error** (integer(int32)) HTTP status code returned with this error.
- **errorCode** (string) Application error code returned with this error.
- **parameters** (array[object]) Parameters used to give more information about the error.
- **reason** (string) Application error message returned with this error.

### 500 Internal Server Error.

#### Body: application/json (object)

- **badRequestDetail** (object) Bad request detail.
- **detail** (string) Describes the specific conditions or reasons that cause each type of error.
- **error** (integer(int32)) HTTP status code returned with this error.
- **errorCode** (string) Application error code returned with this error.
- **parameters** (array[object]) Parameters used to give more information about the error.
- **reason** (string) Application error message returned with this error.
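
A pre-flight check for the request body described under Parameters, written here as an added example and not taken from MongoDB's documentation or SDKs. It assumes `GROUP` is the `authorizationType` value for group membership, and the required-field, https and groups-claim rules are local policy choices rather than documented API rules; `build_create_idp_request` and all sample values are hypothetical.

```python
import json
import re

API_BASE = "https://cloud.mongodb.com"
MEDIA_TYPE = "application/vnd.atlas.2023-11-15+json"  # body type listed on this page
HEX24 = re.compile(r"[0-9a-fA-F]{24}")


def build_create_idp_request(federation_settings_id, idp):
    """Validate an OIDC identity-provider definition and return (url, headers, body)."""
    problems = []
    if not HEX24.fullmatch(federation_settings_id):
        problems.append("federationSettingsId must be 24 hexadecimal digits")
    # The page notes that this resource only creates OIDC identity providers.
    if idp.get("protocol") != "OIDC":
        problems.append("protocol must be OIDC")
    # Local policy (assumption): require the fields that drive token validation.
    for field in ("issuerUri", "audience", "userClaim", "displayName"):
        if not str(idp.get(field, "")).strip():
            problems.append(f"{field} is required by local policy")
    # Local policy (assumption): the discovery document must be served over TLS.
    if not str(idp.get("issuerUri", "")).startswith("https://"):
        problems.append("issuerUri must use https")
    # Local policy (assumption); "GROUP" is assumed to be the group-membership value.
    if idp.get("authorizationType") == "GROUP" and not idp.get("groupsClaim"):
        problems.append("groupsClaim is required when authorizationType is GROUP")
    if problems:
        raise ValueError("; ".join(problems))
    url = f"{API_BASE}/api/atlas/v2/federationSettings/{federation_settings_id}/identityProviders"
    headers = {"Accept": MEDIA_TYPE, "Content-Type": MEDIA_TYPE}
    return url, headers, json.dumps(idp, sort_keys=True)


# Constructed sample definition; every value is a placeholder.
SAMPLE_IDP = {
    "protocol": "OIDC",
    "idpType": "WORKFORCE",
    "displayName": "Example workforce IdP",
    "issuerUri": "https://idp.example.com",
    "audience": "example-audience",
    "clientId": "example-client-id",
    "authorizationType": "GROUP",
    "groupsClaim": "groups",
    "userClaim": "sub",
    "requestedScopes": ["openid"],
    "associatedDomains": ["example.com"],
}
```

The returned URL, headers and body still have to be sent with one of the authentication methods listed above, by a Service Account or API Key that holds the Organization Owner role.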