Skip to main content
POST
/
api
/
v1
/
step-up
/
providers
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.StepUpProvider.Create(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.CreateStepUpProviderResponse != nil {
        // handle response
    }
}
{
  "stepUpProvider": {
    "clientId": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "displayName": "<string>",
    "enabled": true,
    "id": "<string>",
    "issuerUrl": "<string>",
    "lastTestedAt": "2023-11-07T05:31:56Z",
    "microsoft": {
      "conditionalAccessIds": [
        "<string>"
      ],
      "tenant": "<string>"
    },
    "oauth2": {
      "acrValues": [
        "<string>"
      ]
    },
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The CreateStepUpProviderRequest message.

This message contains a oneof named settings. Only a single field of the following list may be set at a time:

  • oauth2
  • microsoft
clientId
string | null

The OAuth2 client ID used to authenticate with the step-up provider.

clientSecret
string | null

The OAuth2 client secret. Write-only; never returned in responses.

displayName
string | null

The human-readable name for the new step-up provider.

issuerUrl
string | null

The OIDC issuer URL for the step-up provider.

microsoft
Step Up Microsoft Settings · object

StepUpMicrosoftSettings configures a Microsoft Entra step-up provider using Conditional Access.

oauth2
Step Up O Auth 2 Settings · object

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

  • "urn:okta:loa:1fa:any" (okta)
  • "urn:okta:loa:1fa:pwd" (okta)
  • "urn:okta:loa:2fa:any" (okta)
  • "urn:okta:loa:2fa:any:ifpossible" (okta)
  • "phr" (okta)
  • "phrh" (okta)

Response

200 - application/json

Successful response

The CreateStepUpProviderResponse message.

stepUpProvider
Step Up Provider · object

StepUpProvider represents a configured step-up authentication integration (e.g., Duo, custom OIDC).

This message contains a oneof named settings. Only a single field of the following list may be set at a time:

  • oauth2
  • microsoft