Update the IdP configuration for an organization

Update the IdP configuration for an organization. All currently authenticated principals will be logged out immediately, and all tokens will be invalidated, including the caller's.

Warning: If you are performing this operation on your "home" organization (the one for which your token is issued), the IdP update will be done, but the admin group ID will typically not point to a valid group in the new IdP. We recommend that you reach out to Cognite Support if you want to update the IdP of your own organization.

Access control

Requires the caller to be an admin in the organization, or any of its ancestors.

Example: Assume an organization hierarchy like: org-a -> org-b -> org-c. To update the IdP configuration for org-c, which means calling 'PUT /orgs/org-c/idp', the caller must be an admin in org-a, org-b or org-c.

Securityorg-oidc-token
Request
path Parameters
org
required
string (OrgId) [ 3 .. 64 ] characters ^([a-z][a-z0-9-]{1,62}[a-z0-9])$

ID of an organization

Example: my-org
Request Body schema: application/json
required

A request to update the IdP configuration of an organization

One of:

Azure AD IdP configuration

idpVendor
required
string
Value: "AZURE_AD"
issuer
required
string <url>

The issuer for the external IdP. For Azure AD, it conforms to the example URL and contains the tenant ID.

Responses
200

Successfully updated

put/api/admin/orgs/{org}/idp
Request samples
application/json
{}
➔ Next to Projects