Identity Providers
Use the Identity Providers API to create, manage, and delete enterprise identity providers that authenticate user access to Dremio.
You can also enable and disable local and social identity providers. Dremio does not support creating or deleting local or social identity providers.
Identity Providers Object{
"local": {
"type": "LOCAL",
"id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn",
"isActive": true
},
"social": [
{
"type": "GOOGLE",
"id": "google-oauth2",
"isActive": true
},
{
"type": "GITHUB",
"id": "github",
"isActive": true
},
{
"type": "MICROSOFT",
"id": "windowslive",
"isActive": false
}
],
"enterprise": [
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
]
}
Identity Providers Attributes
local Object
Information about the local identity provider (login with username and password) for the organization.
Example:
{
"type": "LOCAL",
"id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn",
"isActive": true
}
social Array of Objects
Information about the social identity providers for the organization.
Example:
[
{
"type": "GOOGLE",
"id": "google-oauth2",
"isActive": true
},
{
"type": "GITHUB",
"id": "github",
"isActive": true
},
{
"type": "MICROSOFT",
"id": "windowslive",
"isActive": false
}
]
enterprise Array of Objects
Information about the enterprise identity providers for the organization.
Example:
{
"type": "GENERIC_OIDC",
"id": "0f81d1e6-4739-4558-be0c-0545d4e3012e",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "b23f8d06-6fa2-4bfc-b2bb-f913b4fb3750",
"clientSecret": null
}
Attributes of the local Object
type String
The type of the local identity provider. For the local identity provider, the value is always LOCAL.
id String
The ID of the local identity provider.
Example: Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn
isActive Boolean
If the local identity provider is enabled as a login option, true. Otherwise, false.
Attributes of Objects in the social Array
type String
The type of the social identity provider.
- For Google social identity providers, the type is
GOOGLE. - For GitHub social identity providers, the type is
GITHUB. - For Microsoft social identity providers, the type is
MICROSOFT.
Example: GOOGLE
id String
The ID of the social identity provider.
- For Google social identity providers, the ID is
google-oauth2. - For GitHub social identity providers, the ID is
github. - For Microsoft social identity providers, the ID is
windowslive.
Example: google-oauth2
isActive Boolean
If the social identity provider is enabled as a login option, true. Otherwise, false.
Attributes of Objects in the enterprise Array
type String
The type of the enterprise identity provider.
- For generic OIDC enterprise identity providers, the type is
GENERIC_OIDC. - For Microsoft Entra ID enterprise identity providers, the type is
AZURE_AD. - For Okta enterprise identity providers, the type is
OKTA.
Example: GENERIC_OIDC
id String (UUID)
UUID of the enterprise identity provider.
isActive Boolean
If the enterprise identity provider is enabled as a login option, true. Otherwise, false.
issuerUrl String
The issuer URL for your registered Dremio application in your generic OIDC enterprise identity provider. Included only for generic OIDC enterprise identity providers.
Example: https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as
domain String
The publisher domain for your Microsoft Entra ID account. Included only for Microsoft Entra ID enterprise identity providers.
Example: mydomain.onmicrosoft.com
oktaUrl String
The URL value for the issuer key for your Okta account. Included only for Okta enterprise identity providers.
Example: https://tenant-4472656d696f.okta.com/oauth2/default/
clientID String (UUID)
The client or application ID for the registered Dremio application in your enterprise identity provider.
Example: 9e68f67c-beff-45b1-9c9b-2a3cd1017b90
clientSecret String
The client secret for the registered Dremio application in your enterprise identity provider. To keep the client secret secure, Dremio returns the clientSecret value as null in API responses.
Create an Enterprise Identity Provider
Method and URLPOST /v0/identity-providers
Dremio does not support creating local or social identity providers.
Parameters
type Body String
The type of enterprise identity provider.
- For generic OIDC enterprise identity providers, the type is
GENERIC_OIDC. - For Microsoft Entra ID enterprise identity providers, the type is
AZURE_AD. - For Okta enterprise identity providers, the type is
OKTA.
Example: GENERIC_OIDC
isActive Body Boolean Optional
To enable the enterprise identity provider as a login option, true. Otherwise, false (default).
issuerUrl Body String
The issuer URL for your registered Dremio application in your generic OIDC provider. Required only for generic OIDC enterprise identity providers.
Example: https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as
domain Body String
The publisher domain for your Microsoft Entra ID account. Required only for Microsoft Entra ID enterprise identity providers.
Example: mydomain.onmicrosoft.com
oktaUrl Body String
The URL value for the issuer key for your registered Dremio application in Okta. Required only for Okta enterprise identity providers.
Example: https://tenant-4472656d696f.okta.com/oauth2/default/
clientID Body String (UUID)
The client or application ID for the registered Dremio application in your enterprise identity provider.
Example: 9e68f67c-beff-45b1-9c9b-2a3cd1017b90
clientSecret Body String
The client secret for the registered Dremio application in your enterprise identity provider.
Example: P9QPDeuR5xqi9hg9wUHH8xz8GyY6lmV3FqCYX2nV4H
Example of Generic OIDC
Requestcurl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"type": "GENERIC_OIDC",
"isActive": false,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": "P9QPDeuR5xqi9hg9wUHH8xz8GyY6lmV3FqCYX2nV4H"
}'
{
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9"
}
Example of Microsoft Entra ID
Requestcurl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"type": "AZURE_AD",
"isActive": false,
"domain": "mydomain.onmicrosoft.com",
"clientID": "f1a991c0-85c2-4464-9a02-f6c61503a1b2",
"clientSecret": "ei3NR5d3a3Lj#WEpb69Mlk4kt8UAahVnxT!Bj"
}'
{
"id": "f8a3c7e9-2b4d-4f1a-9c8e-5d6f7a8b9c0d"
}
Example of Okta
Requestcurl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"type": "OKTA",
"isActive": false,
"oktaUrl": "https://tenant-4472656d696f.okta.com/oauth2/default/",
"clientID": "0oad3Z8Zk5qhFku82yrg",
"clientSecret": "5Doi9l3kb%fMpgC%xv*J4&%cEntG$Ai23c4Bje&uVL"
}'
{
"id": "3e5f9a2b-7c4d-4e8f-a1b2-c3d4e5f6a7b8"
}
Response Status Codes
200 OK
400 Bad Request
Retrieve All Identity Providers
Method and URLGET /v0/identity-providers
Example
Requestcurl -X GET 'https://api.dremio.cloud/v0/identity-providers' \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json'
{
"local": {
"type": "LOCAL",
"id": "Eq6twzP9akrYYLd69Yc9oskE9MVLg4rn",
"isActive": true
},
"social": [
{
"type": "GOOGLE",
"id": "google-oauth2",
"isActive": true
},
{
"type": "GITHUB",
"id": "github",
"isActive": true
},
{
"type": "MICROSOFT",
"id": "windowslive",
"isActive": false
}
],
"enterprise": [
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
]
}
Response Status Codes
200 OK
400 Bad Request
Retrieve an Identity Provider
Method and URLGET /v0/identity-providers/{id}
Parameters
id Path String (UUID)
UUID of the identity provider you want to retrieve.
Example
Requestcurl -X GET "https://api.dremio.cloud/v0/identity-providers/$IDENTITY_PROVIDER_ID" \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json'
{
"type": "GENERIC_OIDC",
"id": "08a89d2e-54be-4bba-89e1-d8c85645c9c9",
"isActive": true,
"issuerUrl": "https://oidc-provider.com/92ff84ec-ce79-480c-b600-4df253eec56c/as",
"clientID": "9e68f67c-beff-45b1-9c9b-2a3cd1017b90",
"clientSecret": null
}
Response Status Codes
200 OK
400 Bad Request
Enable an Identity Provider
Method and URLPOST /v0/identity-providers/{id}/enable
Parameters
id Path String (UUID)
UUID of the identity provider that you want to enable.
Example
Requestcurl -X POST "https://api.dremio.cloud/v0/identity-providers/$IDENTITY_PROVIDER_ID/enable" \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json'
A successful request returns an empty response body with HTTP status 204 No Content.
Response Status Codes
204 No Content
400 Bad Request
Disable an Identity Provider
Method and URLPOST /v0/identity-providers/{id}/disable
Parameters
id Path String (UUID)
UUID of the identity provider that you want to disable.
Example
Requestcurl -X POST "https://api.dremio.cloud/v0/identity-providers/$IDENTITY_PROVIDER_ID/disable" \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json'
A successful request returns an empty response body with HTTP status 204 No Content.
Response Status Codes
204 No Content
400 Bad Request
Delete an Identity Provider
Dremio does not support deleting local or social identity providers.
DELETE /v0/identity-providers/{id}
Parameters
id Path String (UUID)
UUID of the identity provider that you want to delete.
Example
Requestcurl -X DELETE "https://api.dremio.cloud/v0/identity-providers/$IDENTITY_PROVIDER_ID" \
-H "Authorization: Bearer $DREMIO_TOKEN" \
-H 'Content-Type: application/json'
A successful request returns an empty response body with HTTP status 204 No Content.
Response Status Codes
204 No Content
400 Bad Request