GetApplicationProvisioningConfig - Identity as a Service

Queries the configuration of the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
eiam:GetApplicationProvisioningConfig	get	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The instance ID.	idaas_ue2jvisn35ea5lmthk267xxxxx
ApplicationId	string	Yes	The ID of the application.	app_mkv7rgt4d7i4u7zqtzev2mxxxx

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The request ID.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
ApplicationProvisioningConfig	object	The configuration of the account synchronization feature for the application.
InstanceId	string	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx
ApplicationId	string	The ID of the application.	app_mkv7rgt4d7i4u7zqtzev2mxxxx
ProvisionProtocolType	string	The synchronization protocol type of the application. Valid values: idaas_callback: custom event callback protocol of IDaaS. scim2: System for Cross-domain Identity Management (SCIM) protocol.	idaas_callback
ProvisionJwksEndpoint	string	The public key endpoint for signature verification of the synchronization callback information.	https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk267xxxxx/app_mkv7rgt4d7i4u7zqtzev2mxxxx/provisioning/jwks
CallbackProvisioningConfig	object	The configuration of the custom event callback protocol of IDaaS.
CallbackUrl	string	The URL that the application uses to receive IDaaS event callbacks.	https://example.com/event/callback
EncryptKey	string	The symmetric key for IDaaS event callbacks. The key is an AES-256 encryption key in the HEX format.	1adfdfdfd******111
EncryptRequired	boolean	Indicates whether IDaaS event callback messages are encrypted. Valid values: true: The messages are encrypted. false: The messages are transmitted in plaintext.	true
ListenEventScopes	array	The list of types of IDaaS event callback messages that are supported by the listener.
ListenEventScop	string	A type of IDaaS event callback message. For information about valid values, see Address book events.	urn:alibaba:idaas:app:event:ud:user:create
ProvisionPassword	boolean	Indicates whether the password is synchronized in IDaaS user event callbacks. Valid values: true: The password is synchronized. false: The password is not synchronized.	true
ScimProvisioningConfig	object	The configuration of SCIM-based IDaaS synchronization.
ScimBaseUrl	string	The base URL that the application uses to receive the SCIM protocol for IDaaS synchronization.	https://example.com/scim
AuthnConfiguration	object	The configuration parameters related to SCIM-based synchronization.
AuthnMode	string	The authentication mode of the SCIM protocol. Valid value: oauth2: OAuth2.0 mode.	oauth2
GrantType	string	The grant type of the SCIM protocol. Valid values: client_credentials: client mode. bearer_token: key mode.	bearer_token
AuthnParam	object	The configuration parameters related to authorization. If the GrantType parameter is set to client_credentials, the configuration parameters ClientId, ClientSecret, and AuthnMethod are returned. If the GrantType parameter is set to bearer_token, the configuration parameter AccessToken is returned.
AccessToken	string	The access token. This parameter is returned when the GrantType parameter is set to bearer_token.	k52x2ru63rlkflina5utgkxxxx
TokenEndpoint	string	The token endpoint.	https://www.example.com/oauth/token
ClientId	string	The client ID of the application.	mkv7rgt4d7i4u7zqtzev2mxxxx
ClientSecret	string	The client secret of the application.	CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx
AuthnMethod	string	The authentication mode of the SCIM protocol. Valid values: client_secret_basic: The client secret is passed in the request header. client_secret_post: The client secret is passed in the request body.	client_secret_basic
ProvisioningActions	array	The resource operations of the SCIM protocol. Valid values: urn:alibaba:idaas:app:scim:User:CREATE: account creation. urn:alibaba:idaas:app:scim:User:UPDATE: account update. urn:alibaba:idaas:app:scim:User:DELETE: account deletion.
ProvisioningAction	string	A resource operation.	urn:alibaba:idaas:app:scim:User:CREATE
FullPushScopes	array	The full synchronization scope of the SCIM protocol. Valid value: urn:alibaba:idaas:app:scim:User:PUSH: full account data synchronization.
FullPushScop	string	The full synchronization scope of the SCIM protocol.	urn:alibaba:idaas:app:scim:User:PUSH
Status	string	The status of the IDaaS account synchronization feature. Valid values: enabled: The feature is enabled. disabled: The feature is disabled.	enabled
ConfigOperateMode	string	The rendering mode of the account synchronization page. Valid values: standard: standard mode template: template mode	standard

Examples

Sample success responses

JSONformat

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "ApplicationProvisioningConfig": {
    "InstanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
    "ApplicationId": "app_mkv7rgt4d7i4u7zqtzev2mxxxx",
    "ProvisionProtocolType": "idaas_callback",
    "ProvisionJwksEndpoint": "https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk267xxxxx/app_mkv7rgt4d7i4u7zqtzev2mxxxx/provisioning/jwks",
    "CallbackProvisioningConfig": {
      "CallbackUrl": "https://example.com/event/callback",
      "EncryptKey": "1adfdfdfd******111",
      "EncryptRequired": true,
      "ListenEventScopes": [
        "urn:alibaba:idaas:app:event:ud:user:create"
      ]
    },
    "ProvisionPassword": true,
    "ScimProvisioningConfig": {
      "ScimBaseUrl": "https://example.com/scim",
      "AuthnConfiguration": {
        "AuthnMode": "oauth2",
        "GrantType": "bearer_token",
        "AuthnParam": {
          "AccessToken": "k52x2ru63rlkflina5utgkxxxx",
          "TokenEndpoint": "https://www.example.com/oauth/token",
          "ClientId": "mkv7rgt4d7i4u7zqtzev2mxxxx",
          "ClientSecret": "CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx\n",
          "AuthnMethod": "client_secret_basic"
        }
      },
      "ProvisioningActions": [
        "urn:alibaba:idaas:app:scim:User:CREATE"
      ],
      "FullPushScopes": [
        "urn:alibaba:idaas:app:scim:User:PUSH"
      ]
    },
    "Status": "enabled",
    "ConfigOperateMode": "standard"
  }
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history