Modify a custom provider

Modifies a custom provider.

Path Params
string
required

Unique identifier issued to Akamai customers. If you aren’t sure what your Akamai customer ID is, log on to Console and check the value of the customer_id application setting.

string
required

Unique identifier of the Identity Cloud application associated with your custom provider. You can find your application ID on the Console's Manage Application page.

string
required

Unique identifier of a custom provider. IDs are assigned to a provider when the provider is created.

Body Params

Modifies a custom provider. Custom providers enable you to use social login identity providers that weren’t predefined by Akamai.

string

Maps the user profile claims returned from the social login identity provider to their corresponding attributes in the Identity Cloud user profile. For example, an OpenID Connect claim named username might map to the Identity Cloud’s displayName attribute. Without the attribute_map member you can’t copy information from the user’s social login account to their Identity Cloud account. Note that, when creating a map, the Identity Cloud attribute is listed first and the IDP attribute is listed second. This member is used with OAuth, OpenID Connect, and SAML 2 providers.

string

URL of the identity provider’s authorization server. For OpenID Connect and OAuth 2.0, the auth_url is found in the provider’s documentation or, for OpenID Connect only, by looking for the authorization_endpoint entry in the website’s discovery document. For SAML 2 providers you can determine the URL by retrieving the provider’s SAML metadata and looking for the SingleSignOnService element and the Location attribute. Regardless, the auth_url value must use the HTTPS scheme. This member is used with OAuth, OpenID Connect, and SAML 2 providers.

authn_context
object

Configures the RequestedAuthnContext element in SAML requests. When enabled, this element asks the SAML IdP to authenticate users by using a username and password. Typically this makes no difference because most SAML IdPs simply ignore the RequestedAuthnContext element. However, in some cases this element can prevent a user from being authenticated. By default, authn_context is enabled on all SAML providers created prior to August 12, 2021, and disabled for providers created after that date. If necessary, you can disable authn_context by setting the value to null. This member is only valid for SAML 2 providers.

string

Unique identifier of the identity provider authentication client used for authorization. This is the client you created on the provider’s developers site. Note that not all providers refer to this item as the client ID. Some providers might reference an application ID, an app ID, or an API client ID. Use the token_auth_method field to control how this member is used with OAuth. This member is used with OAuth and with OpenID Connect clients.

string

Password for the authentication client referenced in the client_id member. Not all providers call this a client secret. Some providers might reference an application secret or app secret, while others might use the term API secret or API key. Use the token_auth_method field to control how this member is used with OAuth. This member is used with OAuth and with OpenID Connect clients.

string

Attribute that uniquely identifies the user. For example, if the response from the OAuth provider includes a unique identifier named userid you must set the identifier_attribute to /userid. This member is only used with OAuth providers.

string

X.509 certificate the identity provider uses to sign a SAML assertion. In a SAML assertion, the encoded certificate is found in the <ds:X509Certificate> section. In the <ds:SignatureValue> section you’ll find the public key, which can be used to verify the authenticity of the assertion. This member is only used with SAML 2 providers.

idp_certificate_chain
array of strings

Comma-separated collection of additional certificates needed to complete the certificate chain. This member is only required if you use an outside Certificate Authority. If you use a self-signed SAML certificate there’s no certificate chain to specify. This member is only used with SAML providers.

string

URL of the identity provider’s userinfo endpoint. The profile_url can be found in the provider’s documentation or, for OpenID Connect, by looking for the userinfo_endpoint entry in the website’s discovery document. This member, valid only with OAuth and OpenID Connect clients, must use the HTTPS scheme.

string
enum

Authentication protocol used by the identity provider. This member is used with OAuth, OpenID Connect, and SAML2 providers.

Allowed:
scopes
array of strings

Specifies the user profile information that can be retrieved from the identity provider’s userinfo endpoint following a successful authentication. Standard OpenID Connect scopes include openid; email; phone; address; and profile. However, many IDPs have custom scopes instead of (or in addition to) these standard scopes. This member is used only with OAuth and OpenID Connect providers.

string

Unique name of a custom provider. This member is used with OAuth, OpenID Connect, and SAML 2 providers.

string
enum

Authentication method used when making a request to the provider's token endpoint. With the default client_secret_post method the client sends authentication information as part of the request body in an HTTP POST. With the client_secret_basic method the client passes a user ID and password to the server as part of an Authorization header. The client_secret_basic method should only be used on a secure connection. This member is used with OAuth providers.

Allowed:
string

URL of the identity provider’s token endpoint. The token_url can be found in the provider’s documentation or, for OpenID Connect only, by looking for the token_endpoint entry in the website’s discovery document. This member, valid only with OAuth and OpenID Connect clients, must use the HTTPS protocol.

ui
object

Configuration information specifying how the custom provider is displayed on your Hosted Login sign-in screen.
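
A pre-flight check for a request body, added here as an example (it is not Akamai's code): it applies the protocol restrictions and HTTPS requirements stated in the member descriptions above before the body is sent. The function name, the provider-kind labels `oauth`, `oidc` and `saml2`, and the sample body are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Labels local to this example (assumed); they are not values of any API field.
OAUTH, OIDC, SAML2 = "oauth", "oidc", "saml2"

# Provider kinds each member is used with, taken from the descriptions above.
MEMBER_KINDS = {
    "attribute_map": {OAUTH, OIDC, SAML2},
    "auth_url": {OAUTH, OIDC, SAML2},
    "authn_context": {SAML2},
    "client_id": {OAUTH, OIDC},
    "client_secret": {OAUTH, OIDC},
    "identifier_attribute": {OAUTH},
    "idp_certificate_chain": {SAML2},
    "profile_url": {OAUTH, OIDC},
    "scopes": {OAUTH, OIDC},
    "token_auth_method": {OAUTH},
    "token_url": {OAUTH, OIDC},
}
HTTPS_MEMBERS = ("auth_url", "profile_url", "token_url")
# Only the two methods the token_auth_method description names.
TOKEN_AUTH_METHODS = {"client_secret_post", "client_secret_basic"}


def check_provider_body(kind, body):
    """Return a list of problems found in a request body (hypothetical helper)."""
    problems = []
    for member in body:
        kinds = MEMBER_KINDS.get(member)
        if kinds is not None and kind not in kinds:
            problems.append(f"{member}: not used with {kind} providers")
    for member in HTTPS_MEMBERS:
        if member in body:
            try:
                parts = urlsplit(str(body[member]))
                ok = parts.scheme.lower() == "https" and bool(parts.hostname)
            except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
                ok = False
            if not ok:
                problems.append(f"{member}: must be an https URL")
    method = body.get("token_auth_method")
    if method is not None and method not in TOKEN_AUTH_METHODS:
        problems.append(f"token_auth_method: unknown value {method!r}")
    return problems


# Constructed sample: a body intended for a SAML 2 provider, with mistakes.
SAMPLE = {"auth_url": "http://idp.example.com/sso", "client_secret": "constructed-value",
          "token_auth_method": "basic"}
```
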

Responses
204

Successful response
