Update One Identity Provider
Updates one identity provider in the specified federation. To use this resource, the requesting Service Account or API Key must have the Organization Owner role in one of the connected organizations.
Note: Changing authorization types, updating authorization claims, or both can prevent current users and groups from accessing the database. Confirm the new claim and group mappings before you apply the change.
Deprecated versions: v2-{2023-01-01}
Path parameters
-
Unique 24-hexadecimal digit string that identifies your federation.
Format should match the following pattern: ^([a-f0-9]{24})$.
-
Unique string that identifies the identity provider to connect. If using an API version before 11-15-2023, use the legacy 20-hexadecimal digit id. This id can be found within the Federation Management Console > Identity Providers tab by clicking the info icon in the IdP ID row of a configured identity provider. For all other versions, use the 24-hexadecimal digit id.
Query parameters
-
Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body. Default value is false.
Body
object
Required
The identity provider that you want to update.
-
The description of the identity provider.
-
Human-readable label that identifies the identity provider.
Minimum length is 1, maximum length is 50.
-
String enum that indicates the type of the identity provider. Default is WORKFORCE.
Values are WORKFORCE or WORKLOAD.
-
Unique string that identifies the issuer of the SAML Assertion or OIDC metadata/discovery document URL.
-
String enum that indicates the protocol of the identity provider. Either SAML or OIDC.
Values are SAML or OIDC.
-
List that contains the domains associated with the identity provider.
-
PEM file information for the identity provider's current certificates.
-
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request.
Values are HTTP-POST or HTTP-REDIRECT.
-
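Signature algorithm that Federated Authentication uses for the identity provider signature. SHA-1 is no longer considered collision-resistant, so prefer SHA-256 wherever the identity provider supports it.
Values are SHA-1 or SHA-256.
-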
Custom SSO Url for the identity provider.
-
Flag that indicates whether the identity provider has SSO debug enabled.
-
URL that points to the receiver of the SAML authentication request.
-
String enum that indicates whether the identity provider is active.
Values are ACTIVE or INACTIVE.
atlas api updateIdentityProvider --help
import (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
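// main updates one identity provider in a federation through the Atlas Admin
// API, authenticating with a service account's OAuth client credentials.
func main() {
	ctx := context.Background()

	// Credentials are read from the environment so they never appear in source
	// control. Fail fast when either is missing instead of sending an
	// unauthenticated request.
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
	if clientID == "" || clientSecret == "" {
		log.Fatal("Error: MONGODB_ATLAS_CLIENT_ID and MONGODB_ATLAS_CLIENT_SECRET must be set")
	}

	// Base URL of the Atlas Admin API; this is the host used by the curl
	// examples for this endpoint. Keep it on https so the token exchange and
	// the request body are protected in transit.
	const url = "https://cloud.mongodb.com"

	client, err := sdk.NewClient(
		sdk.UseOAuthAuth(clientID, clientSecret),
		sdk.UseBaseURL(url))
	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	// Populate params with the federation ID, the identity provider ID and the
	// update body before executing; an empty struct is only a placeholder.
	params := &sdk.UpdateIdentityProviderApiParams{}

	sdkResp, httpResp, err := client.FederatedAuthenticationApi.
		UpdateIdentityProviderWithParams(ctx, params).
		Execute()
	if err != nil {
		// Changing authorization types or claims can lock users out, so a
		// failed update must be surfaced rather than ignored.
		log.Fatalf("Error: %v", err)
	}

	log.Printf("identity provider updated: HTTP %d", httpResp.StatusCode)

	// sdkResp holds the updated identity provider as returned by the API.
	_ = sdkResp
}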
# Update one identity provider using service-account (OAuth) authentication.
# ACCESS_TOKEN must hold a valid bearer token. Replace {federationSettingsId},
# {identityProviderId} and <Payload> with real values before running.
# The token is expanded into curl's argument list, so keep it in an environment
# variable (not typed inline) to keep it out of shell history.
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X PATCH "https://cloud.mongodb.com/api/atlas/v2/federationSettings/{federationSettingsId}/identityProviders/{identityProviderId}" \
-d '{ <Payload> }'
# Update one identity provider using API-key authentication over HTTP digest.
# PUBLIC_KEY and PRIVATE_KEY are the API key pair. Replace
# {federationSettingsId}, {identityProviderId} and <Payload> with real values
# before running.
# The key pair is passed as a command-line argument; read it from environment
# variables as shown so the private key does not land in shell history.
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X PATCH "https://cloud.mongodb.com/api/atlas/v2/federationSettings/{federationSettingsId}/identityProviders/{identityProviderId}" \
-d '{ <Payload> }'
{
"description": "string",
"displayName": "string",
"idpType": "WORKFORCE",
"issuerUri": "urn:idp:default",
"protocol": "SAML",
"associatedDomains": [
"string"
],
"pemFileInfo": {
"certificates": [
{
"content": "string",
"notAfter": "2025-05-04T09:42:00Z",
"notBefore": "2025-05-04T09:42:00Z"
}
],
"fileName": "string"
},
"requestBinding": "HTTP-POST",
"responseSignatureAlgorithm": "SHA-1",
"slug": "string",
"ssoDebugEnabled": true,
"ssoUrl": "https://example.com",
"status": "ACTIVE"
}
{
"description": "string",
"displayName": "string",
"idpType": "WORKFORCE",
"issuerUri": "urn:idp:default",
"protocol": "SAML",
"associatedDomains": [
"string"
],
"audience": "string",
"authorizationType": "GROUP",
"clientId": "string",
"groupsClaim": "string",
"requestedScopes": [
"string"
],
"userClaim": "string"
}
{
"description": "string",
"displayName": "string",
"idpType": "WORKFORCE",
"issuerUri": "urn:idp:default",
"protocol": "SAML",
"audience": "string",
"authorizationType": "GROUP",
"groupsClaim": "string",
"userClaim": "string"
}
{
"associatedOrgs": [
{
"dataAccessIdentityProviderIds": [
"string"
],
"domainAllowList": [
"string"
],
"domainRestrictionEnabled": true,
"identityProviderId": "string",
"orgId": "32b6e34b3d91647abb20e7b8",
"postAuthRoleGrants": [
"ORG_OWNER"
],
"roleMappings": [
{
"externalGroupName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"roleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"orgId": "32b6e34b3d91647abb20e7b8",
"role": "ORG_OWNER"
}
]
}
],
"userConflicts": [
{
"emailAddress": "hello@example.com",
"federationSettingsId": "32b6e34b3d91647abb20e7b8",
"firstName": "string",
"lastName": "string",
"userId": "32b6e34b3d91647abb20e7b8"
}
]
}
],
"createdAt": "2025-05-04T09:42:00Z",
"description": "string",
"displayName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"idpType": "WORKFORCE",
"issuerUri": "string",
"oktaIdpId": "string",
"protocol": "SAML",
"updatedAt": "2025-05-04T09:42:00Z",
"acsUrl": "string",
"associatedDomains": [
"string"
],
"audienceUri": "string",
"pemFileInfo": {
"certificates": [
{
"notAfter": "2025-05-04T09:42:00Z",
"notBefore": "2025-05-04T09:42:00Z"
}
],
"fileName": "string"
},
"requestBinding": "HTTP-POST",
"responseSignatureAlgorithm": "SHA-1",
"slug": "string",
"ssoDebugEnabled": true,
"ssoUrl": "string",
"status": "ACTIVE"
}
{
"associatedOrgs": [
{
"dataAccessIdentityProviderIds": [
"string"
],
"domainAllowList": [
"string"
],
"domainRestrictionEnabled": true,
"identityProviderId": "string",
"orgId": "32b6e34b3d91647abb20e7b8",
"postAuthRoleGrants": [
"ORG_OWNER"
],
"roleMappings": [
{
"externalGroupName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"roleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"orgId": "32b6e34b3d91647abb20e7b8",
"role": "ORG_OWNER"
}
]
}
],
"userConflicts": [
{
"emailAddress": "hello@example.com",
"federationSettingsId": "32b6e34b3d91647abb20e7b8",
"firstName": "string",
"lastName": "string",
"userId": "32b6e34b3d91647abb20e7b8"
}
]
}
],
"createdAt": "2025-05-04T09:42:00Z",
"description": "string",
"displayName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"idpType": "WORKFORCE",
"issuerUri": "string",
"oktaIdpId": "string",
"protocol": "SAML",
"updatedAt": "2025-05-04T09:42:00Z",
"associatedDomains": [
"string"
],
"audience": "string",
"authorizationType": "GROUP",
"clientId": "string",
"groupsClaim": "string",
"requestedScopes": [
"string"
],
"userClaim": "string"
}
{
"associatedOrgs": [
{
"dataAccessIdentityProviderIds": [
"string"
],
"domainAllowList": [
"string"
],
"domainRestrictionEnabled": true,
"identityProviderId": "string",
"orgId": "32b6e34b3d91647abb20e7b8",
"postAuthRoleGrants": [
"ORG_OWNER"
],
"roleMappings": [
{
"externalGroupName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"roleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"orgId": "32b6e34b3d91647abb20e7b8",
"role": "ORG_OWNER"
}
]
}
],
"userConflicts": [
{
"emailAddress": "hello@example.com",
"federationSettingsId": "32b6e34b3d91647abb20e7b8",
"firstName": "string",
"lastName": "string",
"userId": "32b6e34b3d91647abb20e7b8"
}
]
}
],
"createdAt": "2025-05-04T09:42:00Z",
"description": "string",
"displayName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"idpType": "WORKFORCE",
"issuerUri": "string",
"oktaIdpId": "string",
"protocol": "SAML",
"updatedAt": "2025-05-04T09:42:00Z",
"audience": "string",
"authorizationType": "GROUP",
"groupsClaim": "string",
"userClaim": "string"
}
{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}
{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}
{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}
{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}