
# Set Up an Identity Provider

> Sets up an identity provider (SAML or OIDC) for your organization, including login/logout URLs, certificates, client credentials, and security settings, enabling Single Sign-On (SSO) authentication.



## OpenAPI

````yaml https://api-trial.cognigy.ai/openapi/openapi-viewer.json post /v2.0/identityprovider/configure
openapi: 3.0.0
info:
  title: Cognigy.AI REST-ful-API Reference
  version: 2026.9.2
  description: >

    ### Introduction

    This is the [OpenAPI 3.0](https://swagger.io/specification/) documentation
    of the
    [REST](https://en.wikipedia.org/wiki/Representational_state_transfer)-ful
    Cognigy.AI API.


    ### Cross-Origin Resource Sharing

    This API features Cross-Origin Resource Sharing (CORS) implemented in
    compliance with [W3C spec](https://www.w3.org/TR/cors/), which allows
    cross-domain communication from the browser. All responses include a
    wildcard same-origin header, making the API fully accessible.


    ### Authentication

    Cognigy.AI offers four forms of authentication:

    - API Key

    - CXone Token

    - OAuth2

    - BasicAuth


    An API Key is a security token. You can supply an API Key in the URL query
    or in an HTTP header. Never expose your API Key; keep it safe and secure.
    Revoke the API Key if it is exposed or stolen.


    OAuth2 is an open protocol to allow secure authorization by web, mobile and
    desktop applications. For further information see [RFC 6749 - "The OAuth 2.0
    Authorization Framework"](https://tools.ietf.org/html/rfc6749) and [RFC 6750
    - "The OAuth 2.0 Authorization Framework: Bearer Token
    Usage"](https://tools.ietf.org/html/rfc6750).


    Basic Auth is only used for API calls regarding the Management-UI.


    ### Error Handling

    This API uses HTTP status codes equal to or above 400 to indicate errors.
    Error details are generated in compliance with [RFC 7807 - "Problem Details
    for HTTP APIs"](https://tools.ietf.org/html/rfc7807).


    Every error response contains a traceId, which should be provided to the
    Cognigy.AI Technical Support when reporting an error.
  contact:
    name: Cognigy Technical Support
    url: https://www.cognigy.com
    email: support@cognigy.com
servers:
  - url: https://api-trial.cognigy.ai/new/
    description: Cognigy.AI API
security:
  - APIKeyHeader: []
  - APIKeyQueryParam: []
  - CXoneTokenHeader: []
  - OAuth2: []
  - BasicAuth: []
tags:
  - name: Cognigy.AI REST-ful API
    description: The Cognigy.AI REST-ful API
externalDocs:
  description: Cognigy.AI Documentation
  url: https://docs.cognigy.com/docs/
paths:
  /v2.0/identityprovider/configure:
    post:
      tags:
        - Identity Providers
      summary: Set Up an Identity Provider
      description: >-
        Sets up an identity provider (SAML or OIDC) for your organization,
        including login/logout URLs, certificates, client credentials, and
        security settings, enabling Single Sign-On (SSO) authentication.
      operationId: configureIdentityProvider_2_0
      parameters:
        - in: header
          name: Accept
          description: >-
            The `Accept` header specifies the media type that the client expects
            in the response. Available options: `application/json`,
            `application/hal+json`, `application/xml`, `text/xml`, `text/csv`.
            The default value is `application/json`.
          required: false
          schema:
            type: string
            enum:
              - application/json
              - application/hal+json
              - application/xml
              - text/xml
              - text/csv
          example: application/json
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              oneOf:
                - type: object
                  properties:
                    idpType:
                      type: string
                      enum:
                        - saml
                    idpIssuer:
                      type: string
                      description: >-
                        The value that will be in the issuer field in the SAML
                        request.
                      format: url
                    idpLoginEndpoint:
                      type: string
                      description: >-
                        The URL used to log in at the IDP. Used in the
                        SP-initiated flow.
                      format: url
                    idpLogoutEndpoint:
                      type: string
                      description: >-
                        The URL to send SLO requests against. Not all identity
                        providers support this.
                      format: url
                    idpCertificate:
                      type: string
                      description: >-
                        The certificate from the IDP used to sign the SAML
                        requests. It is base64 encoded.
                    wantAuthnResponseSigned:
                      type: boolean
                      description: >-
                        Whether the SAML authentication response should be
                        signed. Not all providers support this.
                    decryptionPrivateKey:
                      type: string
                      description: >-
                        An optional decryption key. This is necessary if the
                        SAML request is encoded.
                    idpDisableRequestedAuthnContext:
                      type: boolean
                      description: >-
                        For some providers, e.g. Azure on-prem, it might be
                        necessary to disable the authn context field in the SAML
                        request.
                      default: false
                - type: object
                  properties:
                    idpType:
                      type: string
                      enum:
                        - oidc
                    idpIssuer:
                      type: string
                      description: >-
                        The URL of the OIDC identity provider. Must include
                        `https://` to ensure a secure connection. Example
                        `https://accounts.google.com`.
                      format: url
                    idpClientId:
                      type: string
                      description: >
                        The client identifier issued to the client during the
                        registration process.

                        The authorization server issues the registered client a
                        client identifier -- a unique string representing the
                        registration information provided by the client. The
                        client identifier is not a secret; it is exposed to the
                        resource owner and MUST NOT be used alone for client
                        authentication.

                        The client identifier is unique to the authorization
                        server.

                        https://tools.ietf.org/html/rfc6749#section-2.3.1
                    idpClientSecret:
                      type: string
                      description: >
                        This value is used by Confidential Clients to
                        authenticate to the Token Endpoint, as described in
                        Section 2.3.1 of OAuth 2.0, and for the derivation of
                        symmetric encryption key values, as described in Section
                        10.2 of OpenID Connect Core 1.0 [OpenID.Core].

                        https://tools.ietf.org/html/rfc6749#section-2.3.1

                        https://openid.net/specs/openid-connect-core-1_0.html#Encryption
                    idpAdditionalScope:
                      type: string
                      default: openid profile email offline_access
                      description: >
                        The scopes associated with Access Tokens determine what
                        resources will be available when they are used to access
                        OAuth 2.0 protected endpoints.

                        For OpenID Connect, scopes can be used to request that
                        specific sets of information be made available as Claim
                        Values.

                        The scopes openid, profile, email and offline_access are
                        always requested.
                    idpFrontChannelLogoutUrl:
                      type: string
                      format: url
                    idpIdTokenSignedResponseAlg:
                      type: string
                      description: >
                        The Algorithm used to sign the ID Token issued to this
                        Client.
                      enum:
                        - RS256
                        - RS384
                        - RS512
                        - HS256
                        - HS384
                        - HS512
                      default: RS256
                      example: RS256
                    idpTokenEndpointAuthMethod:
                      type: string
                      description: >
                        Requested Client Authentication method for the Token
                        Endpoint.


                        https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
                      enum:
                        - client_secret_basic
                        - client_secret_post
                        - client_secret_jwt
                        - private_key_jwt
                        - tls_client_auth
                        - self_signed_tls_client_auth
                        - none
                      default: client_secret_basic
                      example: client_secret_basic
      responses:
        '204':
          description: The identity provider was configured for your organisation.
        '400':
          description: >-
            The server cannot or will not process the request due to something
            that is perceived to be a client error (e.g., malformed request
            syntax, invalid request message framing, or deceptive request
            routing)
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Bad Request
                  title:
                    type: string
                    example: Bad Request Error
                  status:
                    type: number
                    example: 400
                  detail:
                    type: string
                    example: Validation failed. Missing payload.
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '401':
          description: >-
            The request has not been applied because it lacks valid
            authentication credentials for the target resource.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Unauthorized
                  title:
                    type: string
                    example: Unauthorized Error
                  status:
                    type: number
                    example: 401
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 401
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '402':
          description: Upgrade your Plan to increase your Quota.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Payment Required
                  title:
                    type: string
                    example: Payment Required Error
                  status:
                    type: number
                    example: 402
                  detail:
                    type: string
                    example: Validation failed. Missing payload.
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 402
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '403':
          description: The server understood the request but refuses to authorize it.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Forbidden
                  title:
                    type: string
                    example: Forbidden Error
                  status:
                    type: number
                    example: 403
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '404':
          description: >-
            The origin server did not find a current representation for the
            target resource or is not willing to disclose that one exists.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Not Found
                  title:
                    type: string
                    example: Not Found Error
                  status:
                    type: number
                    example: 404
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
                  logLevel:
                    type: string
                    example: error
        '405':
          description: >-
            The method received in the request-line is known by the origin
            server but not supported by the target resource.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Method Not Allowed
                  title:
                    type: string
                    example: Method Not Allowed Error
                  status:
                    type: number
                    example: 405
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '409':
          description: The request conflicts with current state of the server.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Conflict
                  title:
                    type: string
                    example: Conflict Error
                  status:
                    type: number
                    example: 409
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1004
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '413':
          description: The request entity is larger than limits defined by server.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Payload Too Large
                  title:
                    type: string
                    example: Payload Too Large Error
                  status:
                    type: number
                    example: 413
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '500':
          description: >-
            The server encountered an unexpected condition that prevented it
            from fulfilling the request.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Internal Server Error
                  title:
                    type: string
                    example: Internal Server Error
                  status:
                    type: number
                    example: 500
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '501':
          description: >-
            The server does not support the functionality required to fulfill
            the request.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Not Implemented
                  title:
                    type: string
                    example: Not Implemented Error
                  status:
                    type: number
                    example: 501
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1009
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '502':
          description: >-
            The server, while acting as a gateway or proxy, received an invalid
            response from an inbound server it accessed while attempting to
            fulfill the request.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Bad Gateway
                  title:
                    type: string
                    example: Bad Gateway Error
                  status:
                    type: number
                    example: 502
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '503':
          description: The server is not ready to handle the request.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Service Unavailable
                  title:
                    type: string
                    example: Service Unavailable Error
                  status:
                    type: number
                    example: 503
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 503
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
        '504':
          description: >-
            The server, while acting as a gateway or proxy, did not receive a
            timely response from an upstream server it needed to access in order
            to complete the request.
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Gateway Timeout
                  title:
                    type: string
                    example: Gateway Timeout Error
                  status:
                    type: number
                    example: 504
                  detail:
                    type: string
                  instance:
                    type: string
                    example: /v2.0/flows/5ce7c2d833ea1e04d7e6c432
                  code:
                    type: string
                    example: 1000
                  traceId:
                    type: string
                    example: api--f84324f4-98eb-4f02-abdd-375a2e6c3c1f
                  details:
                    type: object
                    example: {}
      security:
        - APIKeyHeader: []
        - APIKeyQueryParam: []
        - CXoneTokenHeader: []
        - OAuth2: []
components:
  securitySchemes:
    APIKeyHeader:
      type: apiKey
      in: header
      name: X-API-Key
      description: Supply the API Key in the HTTP-Header
    APIKeyQueryParam:
      type: apiKey
      in: query
      name: api_key
      description: Supply the API Key in the Url-Query
    CXoneTokenHeader:
      type: apiKey
      in: header
      name: x-cxone-authorization
      description: >-
        Supply the CXone Token in the HTTP-Header containing the word "Bearer"
        followed by a space and a Token String. Applicable only in CXone
        integrated environments.
    OAuth2:
      type: oauth2
      flows:
        password:
          tokenUrl: /auth/oauth2/token
          refreshUrl: /auth/oauth2/token
          scopes: {}
        authorizationCode:
          authorizationUrl: /auth/oauth2/authorize
          tokenUrl: /auth/oauth2/token
          scopes: {}
    BasicAuth:
      type: http
      scheme: basic
      description: Basic Authentication used by routes designed for the Management-UI.

````
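
A pre-flight check for the request body this endpoint accepts, written as an added example (not Cognigy code). Errors reflect the schema above; the warnings and the names `review_idp_config` and `build_request` are this example's own assumptions, and the sample payloads are constructed placeholders.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

# Endpoint, field names and enum values are copied from the OpenAPI document above.
CONFIGURE_URL = "https://api-trial.cognigy.ai/new/v2.0/identityprovider/configure"
URL_FIELDS = {"saml": ("idpLoginEndpoint", "idpLogoutEndpoint"),
              "oidc": ("idpIssuer", "idpFrontChannelLogoutUrl")}
SIGNING_ALGS = {"RS256", "RS384", "RS512", "HS256", "HS384", "HS512"}
TOKEN_AUTH_METHODS = {"client_secret_basic", "client_secret_post",
                      "client_secret_jwt", "private_key_jwt", "tls_client_auth",
                      "self_signed_tls_client_auth", "none"}


def review_idp_config(payload):
    """Return (errors, warnings). Errors contradict the spec above; warnings are
    this example's own hardening policy (an assumption), not API rules."""
    errors, warnings = [], []
    idp_type = payload.get("idpType")
    if idp_type not in URL_FIELDS:
        return [f"idpType must be 'saml' or 'oidc', got {idp_type!r}"], warnings
    for name in URL_FIELDS[idp_type]:
        if name in payload and urlsplit(str(payload[name])).scheme != "https":
            if name == "idpIssuer":  # the spec requires https:// for the OIDC issuer
                errors.append("idpIssuer must include https://")
            else:
                warnings.append(f"{name} is not an https:// URL")
    if idp_type == "saml":
        cert = payload.get("idpCertificate")
        if cert is None:
            warnings.append("idpCertificate is not set")
        else:
            try:  # the spec says the certificate is base64 encoded
                base64.b64decode("".join(str(cert).split()), validate=True)
            except ValueError:
                errors.append("idpCertificate is not valid base64")
        if payload.get("wantAuthnResponseSigned") is not True:
            warnings.append("wantAuthnResponseSigned is not true")
        return errors, warnings
    alg = payload.get("idpIdTokenSignedResponseAlg", "RS256")
    method = payload.get("idpTokenEndpointAuthMethod", "client_secret_basic")
    if alg not in SIGNING_ALGS:
        errors.append(f"unsupported idpIdTokenSignedResponseAlg {alg!r}")
    elif alg.startswith("HS"):
        warnings.append(f"{alg} is a MAC keyed with the client secret; prefer RS*")
    if method not in TOKEN_AUTH_METHODS:
        errors.append(f"unsupported idpTokenEndpointAuthMethod {method!r}")
    elif method == "none":
        warnings.append("idpTokenEndpointAuthMethod 'none' skips client authentication")
    elif method.startswith("client_secret") and not payload.get("idpClientSecret"):
        warnings.append(f"{method} needs idpClientSecret")
    return errors, warnings


def build_request(payload, api_key):
    """Build (do not send) the POST. The key travels in X-API-Key, not in the
    api_key query parameter, so it stays out of URLs and access logs."""
    errors, _ = review_idp_config(payload)
    if errors:
        raise ValueError("; ".join(errors))
    headers = {"X-API-Key": api_key, "Content-Type": "application/json"}
    return urllib.request.Request(CONFIGURE_URL, method="POST", headers=headers,
                                  data=json.dumps(payload).encode("utf-8"))


# Constructed sample payloads; every value is a placeholder.
WEAK_OIDC = {"idpType": "oidc", "idpIssuer": "http://idp.example.test",
             "idpClientId": "example-client", "idpIdTokenSignedResponseAlg": "HS256",
             "idpTokenEndpointAuthMethod": "none"}
HARDENED_OIDC = {"idpType": "oidc", "idpIssuer": "https://idp.example.test",
                 "idpClientId": "example-client", "idpClientSecret": "placeholder",
                 "idpIdTokenSignedResponseAlg": "RS256",
                 "idpTokenEndpointAuthMethod": "client_secret_basic"}

if __name__ == "__main__":
    for sample in (WEAK_OIDC, HARDENED_OIDC):
        print(sample["idpIssuer"], review_idp_config(sample))
```

The request body carries `idpClientSecret` or `decryptionPrivateKey`, so keep the payload out of logs and shell history when submitting it.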