IapConfiguration

The type of user interaction required for authentication and consent while signing in to the Identity-Aware Proxy (IAP). The default value is IapAuthorizationPromptType.Unspecified, which defines the default user interaction behavior for the Identity-Aware Proxy (IAP). It optimizes the user experience by minimizing unnecessary credential prompts. The single sign-on (SSO) experience is determined by the authenticated Identity-Aware Proxy (IAP) session within the web session.

The Identity-Aware Proxy (IAP) authorize endpoint that facilitates user authentication. This URL is presented in the web session, allowing users to enter their credentials. Upon successful authentication, an authorization code is received, which can be used to generate tokens for secure access to protected resources.

A unique application-specific identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources.

A private key used to verify that the application is authorized to access secured services. This key establishes trust between the application and the Identity-Aware Proxy (IAP), ensuring that only authenticated applications can request access to protected resources. It must be kept confidential to prevent unauthorized access. Notably, Microsoft Entra Application Proxy does not require a client secret for authorization and token generation.

The hosts of the ArcGIS resources that are to be accessed behind the Identity-Aware Proxy (IAP). Supports the use of wildcards (*) to facilitate flexible access control. For example,

A unique identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources. Notably, Microsoft Entra Application Proxy does not require an IAP client ID for authorization and token generation.

The Identity-Aware Proxy (IAP) endpoint used to log the user out of the web session and invalidate any associated tokens. This endpoint ensures that the user's session is securely terminated, preventing further access to protected resources.

The URL that the Identity-Aware Proxy (IAP) login and logout pages will redirect to when authentication completes. The scheme of this URL must be registered as a custom URL scheme in the application.

A list of permissions that define the access level for which the user should be authenticated. The following scopes will be added if they are missing, as they are essential for generating the necessary tokens and ensuring appropriate access to protected resources:

The Identity-Aware Proxy (IAP) endpoint responsible for generating access, ID, and refresh tokens. This endpoint is used to exchange the authorization code for tokens that allow secure access to protected resources.

Checks if this configuration can be used for the given URL. A configuration can be used for a URL if the URL's host matches one of the hosts specified in the configuration's hosts behind proxy.

Convert an object to JSON string.