Identity Providers
Use the Identity Providers API to create, manage, and delete enterprise identity providers that authenticate user access to Dremio.
You can also enable and disable local and social identity providers. Dremio does not support creating or deleting local or social identity providers.
Identity Providers Object{
"local": {
"type": "LOCAL",
"id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn",
"isActive": true
},
"social": [
{
"type": "GOOGLE",
"id": "google-oauth2",
"isActive": true
},
{
"type": "GITHUB",
"id": "github",
"isActive": true
},
{
"type": "MICROSOFT",
"id": "windowslive",
"isActive": false
}
],
"enterprise": [
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
]
}
Identity Providers Attributes
local Object
Information about the local identity provider (login with username and password) for the organization.
Example: {"type": "LOCAL","id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn","isActive": true}
social Array of Object
Information about the social identity providers for the organization.
Example: {"type": "GOOGLE","id": "google-oauth2","isActive": true},{"type": "GITHUB","id": "github","isActive": true},{"type": "MICROSOFT","id": "windowslive","isActive": false}
enterprise Array of Object
Information about the enterprise identity provider for the organization.
Example: {"type": "GENERIC_OIDC","id": "0f81d1e6-4739-4558-be0c-0545d4e3012e","isActive": true,"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as","clientID": "b23f8d06-6fa2-4bfc-b2bb-f913b4fb3750","clientSecret": null}
Attributes of the local Object
type String
The type of the local identity provider. For the local identity provider, the value is always LOCAL.
id String
The ID of the local identity provider.
Example: Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn
isActive Boolean
If the local identity provider is enabled as a login option, true. Otherwise, false.
Example: true
Attributes of Objects in the social Array
type String
The type of the social identity provider.
-
For Google social identity providers, the type is
GOOGLE. -
For GitHub social identity providers, the type is
GITHUB. -
For Microsoft social identity providers, the type is
MICROSOFT.
Example: GOOGLE
id String
The ID of the social identity provider.
-
For Google social identity providers, the id is
google-oauth2. -
For GitHub social identity providers, the id is
github. -
For Microsoft social identity providers, the id is
windowslive.
Example: google-oauth2
isActive Boolean
If the social identity provider is enabled as a login option, true. Otherwise, false.
Example: true
Attributes of Objects in the enterprise Array
type String
The type of the enterprise identity provider.
-
For generic OIDC enterprise identity providers, the type is
GENERIC_OIDC. -
For Microsoft Entra ID enterprise identity providers, the type is
AZURE_AD. -
For Okta enterprise identity providers, the type is
OKTA.
Example: GENERIC_OIDC
id String
The ID of the enterprise identity provider.
Example: 08a89d2e-54be-4bba-89e1-d8c85645c9c9
isActive Boolean
If the enterprise identity provider is enabled as a login option, true. Otherwise, false.
Example: true
issuerUrl String
The issuer URL for your registered Dremio application in your generic OIDC enterprise identity provider. Included only for generic OIDC enterprise identity providers.
Example: https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as
domain String
The publisher domain for your Microsoft Entra ID account. Included only for Microsoft Entra ID enterprise identity providers.
Example: mydomain.onmicrosoft.com
oktaUrl String
The URL value for the issuer key for your Okta account. Included only for Okta enterprise identity providers.
Example: https://tenant-4472656d696f.okta.com/oauth2/default/
clientID String
The client or application ID for the registered Dremio application in your enterprise identity provider.
Example: 9e68f67c-beff-45b1-9c9b-2a3cd1017b90
clientSecret String
The client secret for the registered Dremio application in your enterprise identity provider. To keep the client secret secure, Dremio returns the clientSecret value as null in API responses.
Creating an Enterprise Identity Provider
Create an enterprise identity provider.
Dremio does not support creating local or social identity providers.
POST /v0/identity-providers
Parameters
type Body String
The type of enterprise identity provider.
-
For generic OIDC enterprise identity providers, the type is
GENERIC_OIDC. -
For Microsoft Entra ID enterprise identity providers, the type is
AZURE_AD. -
For Okta enterprise identity providers, the type is
OKTA.
Example: GENERIC_OIDC
isActive Body Boolean Optional
To enable the enterprise identity provider as a login option, true. Otherwise, false (default).
Example: false
issuerUrl Body String
The issuer URL for your registered Dremio application in your generic OIDC provider. Required only for generic OIDC enterprise identity providers.
Example: https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as
domain Body String
The publisher domain for your Microsoft Entra ID account. Required only for Microsoft Entra ID enterprise identity providers.
Example: mydomain.onmicrosoft.com
oktaUrl Body String
The URL value for the issuer key for your registered Dremio application in Okta. Required only for Okta enterprise identity providers.
Example: https://tenant-4472656d696f.okta.com/oauth2/default/
clientID Body String
The client or application ID for the registered Dremio application in your enterprise identity provider.
Example: 9e68f67c-beff-45b1-9c9b-2a3cd1017b90
clientSecret Body String
The client secret for the registered Dremio application in your enterprise identity provider.
Example: P9QPDeuR5xqi9hg9wUHH8xz8GyY6lmV3FqCYX2nV4H
Example Request (Generic OIDC)curl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json' \
--data '{
"type": "GENERIC_OIDC",
"isActive": "false",
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": "P9QPDeuR5xqi9hg9wUHH8xz8GyY6lmV3FqCYX2nV4H"
}'
{
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9"
}
curl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json' \
--data '{
"type": "AZURE_AD",
"isActive": "false",
"domain": "mydomain.onmicrosoft.com",
"clientID": "f1a991c0-85c2-4464-9a02-f6c61503a1b2",
"clientSecret": "ei3NR5d3a3Lj#WEpb69Mlk4kt8UAahVnxT!Bj"
}'
curl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json' \
--data '{
"type": "OKTA",
"isActive": "false",
"oktaUrl": "https://tenant-4472656d696f.okta.com/oauth2/default/",
"clientID": "0oad3Z8Zk5qhFku82yrg",
"clientSecret": "5Doi9l3kb%fMpgC%xv*J4&%cEntG$Ai23c4Bje&uVL"
}'
Response Status Codes
200 OK
400 Bad Request
Retrieving All Identity Providers
Retrieve a list of all of the identity providers in your organization and the metadata for each identity provider.
Method and URLGET /v0/identity-providers
curl -X GET 'https://api.dremio.cloud/v0/identity-providers' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json'
{
"local": {
"type": "LOCAL",
"id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn",
"isActive": true
},
"social": [
{
"type": "GOOGLE",
"id": "google-oauth2",
"isActive": true
},
{
"type": "GITHUB",
"id": "github",
"isActive": true
},
{
"type": "MICROSOFT",
"id": "windowslive",
"isActive": false
}
],
"enterprise": [
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
]
}
Response Status Codes
200 OK
400 Bad Request
Retrieving an Identity Provider
Retrieve the specified identity provider.
Method and URLGET /v0/identity-providers/{id}
Parameters
id Path String
The ID of the identity provider you wish to retrieve.
Example: 08a89d2e-54be-4bba-89e1-d8c85645c9c9
Example Requestcurl -X GET 'https://api.dremio.cloud/v0/identity-providers/08a89d2e-54be-4bba-89e1-d8c85645c9c9' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json'
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
Response Status Codes
200 OK
400 Bad Request
Enabling an Identity Provider
Enable the specified identity provider so that it is available to users on your organization's Dremio login page.
Method and URLPOST /v0/identity-providers/{id}/enable
Parameters
id Path String
The ID of the identity provider that you want to enable.
Example: 08a89d2e-54be-4bba-89e1-d8c85645c9c9
Example Requestcurl -X POST 'https://api.dremio.cloud/v0/identity-providers/08a89d2e-54be-4bba-89e1-d8c85645c9c9/enable' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json'
No response
Response Status Codes
200 OK
400 Bad Request
Disabling an Identity Provider
Disable the specified identity provider so that it is not available to users on your organization's Dremio login page.
Method and URLPOST /v0/identity-providers/{id}/disable
Parameters
id Path String
The ID of the identity provider that you want to disable.
Example: 08a89d2e-54be-4bba-89e1-d8c85645c9c9
Example Requestcurl -X POST 'https://api.dremio.cloud/v0/identity-providers/08a89d2e-54be-4bba-89e1-d8c85645c9c9/disable' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json'
No response
Response Status Codes
200 OK
400 Bad Request
Deleting an Identity Provider
Delete an enterprise identity provider.
Dremio does not support deleting local or social identity providers.
DELETE /v0/identity-providers/{id}
Parameters
id Path String
The ID of the identity provider that you want to delete.
Example: 08a89d2e-54be-4bba-89e1-d8c85645c9c9
Example Requestcurl -X DELETE 'https://api.dremio.cloud/v0/identity-providers/08a89d2e-54be-4bba-89e1-d8c85645c9c9' \
--header 'Authorization: Bearer <personal access token>' \
--header 'Content-Type: application/json'
No response
Response Status Codes
204 OK
400 Bad Request