SetApplicationProvisioningConfig - Identity as a Service

Configures the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
eiam:SetApplicationProvisioningConfig		All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx
ApplicationId	string	Yes	The ID of the application.	app_mkv7rgt4d7i4u7zqtzev2mxxxx
ProvisionProtocolType	string	Yes	The synchronization protocol type of the application. Valid values: idaas_callback: custom event callback protocol of IDaaS. scim2: System for Cross-domain Identity Management (SCIM) protocol.	idaas_callback
CallbackProvisioningConfig	object	No	The configuration of event callback synchronization. This parameter is required when the ProvisionProtocolType parameter is set to idaas_callback.
CallbackUrl	string	No	The URL that the application uses to receive IDaaS event callbacks.	https://example.com/event/callback
EncryptKey	string	No	The symmetric key for IDaaS event callbacks. The key is an AES-256 encryption key in the HEX format.	ad3b248**************************b3561a73d7
EncryptRequired	boolean	No	Specifies whether to encrypt IDaaS event callback messages. Valid values: true: encrypt the messages. false: transmit the messages in plaintext.	true
ListenEventScopes	array	No	The list of types of IDaaS event callback messages that are supported by the listener.
	string	No	A type of IDaaS event callback message. For information about valid values, see Address book events.	urn:alibaba:idaas:app:event:ud:user:create
ScimProvisioningConfig	object	No	The configuration of SCIM-based IDaaS synchronization. This parameter is required when the ProvisionProtocolType parameter is set to scim2.
ScimBaseUrl	string	No	The base URL that the application uses to receive the SCIM protocol for IDaaS synchronization.	https://example.com/scim
AuthnConfiguration	object	No	The configuration parameters related to SCIM-based synchronization.
AuthnMode	string	No	The authentication mode of the SCIM protocol. Valid value: oauth2: OAuth2.0 mode.	oauth2
GrantType	string	No	The grant type of the SCIM protocol. Valid values: client_credentials: client mode. bearer_token: key mode.	bearer_token
AuthnParam	object	No	The configuration parameters related to authorization. If the GrantType parameter is set to client_credentials, you can set the configuration parameters ClientId, ClientSecret, and AuthnMethod. If the GrantType parameter is set to bearer_token, you can set the configuration parameter AccessToken.
AccessToken	string	No	The access token. If the GrantType parameter is set to bearer_token, you can set this parameter.	k52x2ru63rlkflina5utgkxxxx
TokenEndpoint	string	No	The token endpoint.	https://www.example.com/oauth/token
ClientId	string	No	The client ID of the application.	mkv7rgt4d7i4u7zqtzev2mxxxx
ClientSecret	string	No	The client secret of the application.	CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx
AuthnMethod	string	No	The authentication mode of the SCIM protocol. Valid values: client_secret_basic: The client secret is passed in the request header. client_secret_post: The client secret is passed in the request body.	client_secret_basic
ProvisioningActions	array	No	The resource operations of the SCIM protocol. Valid values: urn:alibaba:idaas:app:scim:User:CREATE: account creation. urn:alibaba:idaas:app:scim:User:UPDATE: account update. urn:alibaba:idaas:app:scim:User:DELETE: account deletion.
	string	No	A resource operation.	urn:alibaba:idaas:app:scim:User:CREATE
FullPushScopes	array	No	The full synchronization scope of the SCIM protocol. Valid value: urn:alibaba:idaas:app:scim:User:PUSH: full account data synchronization.
	string	No	The full synchronization scope of the SCIM protocol.	urn:alibaba:idaas:app:scim:User:PUSH
ProvisionPassword	boolean	No	Specifies whether to synchronize the password in IDaaS user event callbacks. Valid values: true: synchronize the password. false: do not synchronize the password.	true

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request.	0441BD79-92F3-53AA-8657-F8CE4A2B912A

Examples

Sample success responses

JSONformat

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history