zscaler.zpacloud.zpa_idp_controller_info module – Retrieves Identity Provider information.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_idp_controller_info.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module will allow the retrieval of information about an Identity Provider (IdP) detail from the ZPA Cloud.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

id

string

ID of the Identity Provider.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

name

string

Name of the Identity Provider.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider

dictionary

A dict containing authentication credentials.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

scim_enabled

boolean

Returns all SCIM IdPs if set to true. Returns all non SCIM IdPs if set to false

Choices:

  • false

  • true

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

user_attributes

boolean

Returns all SCIM user attributes if set to true.

Choices:

  • false

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

Notes

Note

  • Check mode is not supported.

Examples

- name: Get Details of All IdP Controllers
  zscaler.zpacloud.zpa_idp_controller_facts:
    provider: "{{ zpa_cloud }}"

- name: Get Details of a Specific IdP Controller by Name
  zscaler.zpacloud.zpa_idp_controller_facts:
    provider: "{{ zpa_cloud }}"
    name: User_IdP_Name

- name: Get Details of a Specific IdP Controller by ID
  zscaler.zpacloud.zpa_idp_controller_facts:
    provider: "{{ zpa_cloud }}"
    id: "216196257331282583"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

idps

list / elements=dictionary

Details of the Identity Providers (IdPs).

Returned: always

certificates

list / elements=dictionary

A list of certificates associated with the Identity Provider.

Returned: always

certificate

string

The full certificate in PEM format.

Returned: always

Sample: "-----BEGIN CERTIFICATE-----\nMIIDqDCCApCgAwIBAgIGAYvHDvDlMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQG\n...\n-----END CERTIFICATE-----\n"

cname

string

The common name (CN) of the certificate.

Returned: always

Sample: "dev-123456"

serial_no

string

The serial number of the certificate.

Returned: always

Sample: "1699851727077"

valid_from_in_sec

string

The start of the certificate validity period in epoch seconds.

Returned: always

Sample: "1699851667"

valid_to_in_sec

string

The end of the certificate validity period in epoch seconds.

Returned: always

Sample: "2015470926"

creation_time

string

The time when the Identity Provider was created, in epoch format.

Returned: always

Sample: "1651556913"

domain_list

list / elements=string

A list of domains associated with the Identity Provider.

Returned: always

Sample: ["acme.com"]

enabled

boolean

Indicates whether the Identity Provider is enabled.

Returned: always

Sample: true

id

string

The unique identifier of the Identity Provider.

Returned: always

Sample: "216199618143191058"

idp_entity_id

string

The entity ID of the Identity Provider.

Returned: always

Sample: "http://www.okta.com/exkd8q2goavjgTfyj5d7"

login_url

string

The login URL of the Identity Provider.

Returned: always

Sample: "https://dev-123456.okta.com/app/zscaler_private_access/exkd8q2goavjgTfyj5d7/sso/saml"

modified_by

string

The ID of the user who last modified the Identity Provider.

Returned: always

Sample: "123456789"

modified_time

string

The time when the Identity Provider was last modified, in epoch format.

Returned: always

Sample: "1720842468"

name

string

The name of the Identity Provider.

Returned: always

Sample: "Okta_Users"

scim_enabled

boolean

Indicates whether SCIM (System for Cross-domain Identity Management) is enabled.

Returned: always

Sample: true

scim_service_provider_endpoint

string

The SCIM service provider endpoint URL.

Returned: always

Sample: "https://scim1.private.zscaler.com/scim/1/123456789/v2"

scim_shared_secret_exists

boolean

Indicates whether the SCIM shared secret exists.

Returned: always

Sample: true

user_metadata

dictionary

Metadata related to the Identity Provider’s service provider.

Returned: always

certificate_url

string

The URL to download the Identity Provider’s certificate.

Returned: always

Sample: "https://samlsp.private.zscaler.com/auth/123456789/certificate"

sp_base_url

string

The base URL for the service provider.

Returned: always

Sample: "https://samlsp.private.zscaler.com/auth"

sp_entity_id

string

The service provider’s entity ID.

Returned: always

Sample: "https://samlsp.private.zscaler.com/auth/metadata/123456789"

sp_metadata_url

string

The URL to download the service provider’s metadata.

Returned: always

Sample: "https://samlsp.private.zscaler.com/auth/123456789/metadata"

sp_post_url

string

The URL for the service provider’s SSO POST binding.

Returned: always

Sample: "https://samlsp.private.zscaler.com/auth/123456789/sso"

Authors

  • William Guilherme (@willguibr)