

# CreateIdentityProvider
<a name="API_CreateIdentityProvider"></a>

Creates an identity provider resource that is then associated with a web portal.

## Request Syntax
<a name="API_CreateIdentityProvider_RequestSyntax"></a>

```
POST /identityProviders HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "identityProviderDetails": { 
      "string" : "string" 
   },
   "identityProviderName": "string",
   "identityProviderType": "string",
   "portalArn": "string",
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ]
}
```

## URI Request Parameters
<a name="API_CreateIdentityProvider_RequestParameters"></a>

The request does not use any URI parameters.

## Request Body
<a name="API_CreateIdentityProvider_RequestBody"></a>

The request accepts the following data in JSON format.

 ** [clientToken](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-clientToken"></a>
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  
If you do not specify a client token, one is automatically generated by the AWS SDK.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 512.  
Required: No

 ** [identityProviderDetails](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-identityProviderDetails"></a>
The identity provider details. The following list describes the provider detail keys for each identity provider type.   
+ For Google and Login with Amazon:
  +  `client_id` 
  +  `client_secret` 
  +  `authorize_scopes` 
+ For Facebook:
  +  `client_id` 
  +  `client_secret` 
  +  `authorize_scopes` 
  +  `api_version` 
+ For Sign in with Apple:
  +  `client_id` 
  +  `team_id` 
  +  `key_id` 
  +  `private_key` 
  +  `authorize_scopes` 
+ For OIDC providers:
  +  `client_id` 
  +  `client_secret` 
  +  `attributes_request_method` 
  +  `oidc_issuer` 
  +  `authorize_scopes` 
  +  `authorize_url` *if not available from discovery URL specified by `oidc_issuer` key* 
  +  `token_url` *if not available from discovery URL specified by `oidc_issuer` key* 
  +  `attributes_url` *if not available from discovery URL specified by `oidc_issuer` key* 
  +  `jwks_uri` *if not available from discovery URL specified by `oidc_issuer` key* 
+ For SAML providers:
  +  `MetadataFile` OR `MetadataURL` 
  +  `IDPSignout` (boolean) *optional* 
  +  `IDPInit` (boolean) *optional* 
  +  `RequestSigningAlgorithm` (string) *optional* - Only accepts `rsa-sha256` 
  +  `EncryptedResponses` (boolean) *optional* 
Type: String to string map  
Key Length Constraints: Minimum length of 0. Maximum length of 131072.  
Key Pattern: `[\s\S]*`   
Value Length Constraints: Minimum length of 0. Maximum length of 131072.  
Value Pattern: `[\s\S]*`   
Required: Yes

 ** [identityProviderName](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-identityProviderName"></a>
The identity provider name.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 32.  
Pattern: `[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+`   
Required: Yes

 ** [identityProviderType](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-identityProviderType"></a>
The identity provider type.  
Type: String  
Valid Values: `SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC`   
Required: Yes

 ** [portalArn](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-portalArn"></a>
The ARN of the web portal.  
Type: String  
Length Constraints: Minimum length of 20. Maximum length of 2048.  
Pattern: `arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+`   
Required: Yes

 ** [tags](#API_CreateIdentityProvider_RequestSyntax) **   <a name="workspacesweb-CreateIdentityProvider-request-tags"></a>
The tags to add to the identity provider resource. A tag is a key-value pair.  
Type: Array of [Tag](API_Tag.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 200 items.  
Required: No
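
A pre-flight check for the request body described above, as an added example that is not part of the AWS documentation or any AWS SDK. The names `validate_request` and `redact` are hypothetical, and treating the unannotated detail keys as required is an assumption. It checks the per-type `identityProviderDetails` keys, the string-to-string constraint, the SAML `RequestSigningAlgorithm` value and the `portalArn` pattern, and masks `client_secret` and `private_key` before a request is logged.

```python
import re

# Detail keys per type, from the list on this page. Treating the unannotated
# keys as required is an assumption of this example.
REQUIRED = {
    "Google": {"client_id", "client_secret", "authorize_scopes"},
    "LoginWithAmazon": {"client_id", "client_secret", "authorize_scopes"},
    "Facebook": {"client_id", "client_secret", "authorize_scopes", "api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key",
                        "authorize_scopes"},
    "OIDC": {"client_id", "client_secret", "attributes_request_method",
             "oidc_issuer", "authorize_scopes"},
    "SAML": set(),  # needs MetadataFile OR MetadataURL, checked below
}
OPTIONAL = {
    "OIDC": {"authorize_url", "token_url", "attributes_url", "jwks_uri"},
    "SAML": {"MetadataFile", "MetadataURL", "IDPSignout", "IDPInit",
             "RequestSigningAlgorithm", "EncryptedResponses"},
}
SECRET_KEYS = {"client_secret", "private_key"}  # credentials inside the map
PORTAL_ARN = re.compile(r"arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:"
                        r"[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+")

def validate_request(req):
    """Return a list of problems; an empty list means the body passed."""
    idp_type = req.get("identityProviderType")
    if idp_type not in REQUIRED:
        return [f"identityProviderType {idp_type!r} is not a valid value"]
    details = req.get("identityProviderDetails") or {}
    keys, required = set(details), REQUIRED[idp_type]
    allowed = required | OPTIONAL.get(idp_type, set())
    problems = [f"missing detail key {k}" for k in sorted(required - keys)]
    problems += [f"undocumented detail key {k}" for k in sorted(keys - allowed)]
    # The map is string-to-string, so SAML booleans must be sent as strings.
    problems += [f"detail {k} must be a string" for k in sorted(keys)
                 if not isinstance(details[k], str)]
    if idp_type == "SAML":
        if not keys & {"MetadataFile", "MetadataURL"}:
            problems.append("SAML needs MetadataFile or MetadataURL")
        if details.get("RequestSigningAlgorithm", "rsa-sha256") != "rsa-sha256":
            problems.append("RequestSigningAlgorithm only accepts rsa-sha256")
    arn = req.get("portalArn", "")
    if not (20 <= len(arn) <= 2048 and PORTAL_ARN.fullmatch(arn)):
        problems.append("portalArn does not match the documented pattern")
    return problems

def redact(details):
    """Copy of the details map with credential values masked for logging."""
    return {k: "***" if k in SECRET_KEYS else v for k, v in details.items()}
```

Run `validate_request` on the body before sending it, and log `redact(details)` rather than the raw map.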

## Response Syntax
<a name="API_CreateIdentityProvider_ResponseSyntax"></a>

```
HTTP/1.1 200
Content-type: application/json

{
   "identityProviderArn": "string"
}
```

## Response Elements
<a name="API_CreateIdentityProvider_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [identityProviderArn](#API_CreateIdentityProvider_ResponseSyntax) **   <a name="workspacesweb-CreateIdentityProvider-response-identityProviderArn"></a>
The ARN of the identity provider.  
Type: String  
Length Constraints: Minimum length of 20. Maximum length of 2048.  
Pattern: `arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}` 

## Errors
<a name="API_CreateIdentityProvider_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
Access is denied.  
HTTP Status Code: 403

 ** ConflictException **   
There is a conflict.    
 ** resourceId **   
Identifier of the resource affected.  
 ** resourceType **   
Type of the resource affected.  
HTTP Status Code: 409

 ** InternalServerException **   
There is an internal server error.    
 ** retryAfterSeconds **   
Advice to clients on when the call can be safely retried.  
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The resource cannot be found.    
 ** resourceId **   
Hypothetical identifier of the resource affected.  
 ** resourceType **   
Hypothetical type of the resource affected.  
HTTP Status Code: 404

 ** ServiceQuotaExceededException **   
The service quota has been exceeded.    
 ** quotaCode **   
The originating quota.  
 ** resourceId **   
Identifier of the resource affected.  
 ** resourceType **   
Type of the resource affected.  
 ** serviceCode **   
The originating service.  
HTTP Status Code: 402

 ** ThrottlingException **   
There is a throttling error.    
 ** quotaCode **   
The originating quota.  
 ** retryAfterSeconds **   
Advice to clients on when the call can be safely retried.  
 ** serviceCode **   
The originating service.  
HTTP Status Code: 429

 ** ValidationException **   
There is a validation error.    
 ** fieldList **   
The field that caused the error.  
 ** reason **   
Reason the request failed validation.  
HTTP Status Code: 400

## See Also
<a name="API_CreateIdentityProvider_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for C++](https://docs.aws.amazon.com/goto/SdkForCpp/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/workspaces-web-2020-07-08/CreateIdentityProvider) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/workspaces-web-2020-07-08/CreateIdentityProvider) 