WorkMail / Client / put_identity_provider_configuration

put_identity_provider_configuration#

WorkMail.Client.put_identity_provider_configuration(**kwargs)#

Enables integration between IAM Identity Center (IdC) and WorkMail to proxy authentication requests for mailbox users. You can connect your IdC directory or your external directory to WorkMail through IdC and manage access to WorkMail mailboxes in a single place. For enhanced protection, you could enable Multifactor Authentication (MFA) and Personal Access Tokens.

See also: AWS API Documentation

Request Syntax

response = client.put_identity_provider_configuration(
    OrganizationId='string',
    AuthenticationMode='IDENTITY_PROVIDER_ONLY'|'IDENTITY_PROVIDER_AND_DIRECTORY',
    IdentityCenterConfiguration={
        'InstanceArn': 'string',
        'ApplicationArn': 'string'
    },
    PersonalAccessTokenConfiguration={
        'Status': 'ACTIVE'|'INACTIVE',
        'LifetimeInDays': 123
    }
)
Parameters:
  • OrganizationId (string) –

    [REQUIRED]

    The ID of the WorkMail Organization.

  • AuthenticationMode (string) –

    [REQUIRED]

    The authentication mode used in WorkMail.

  • IdentityCenterConfiguration (dict) –

    [REQUIRED]

    The details of the IAM Identity Center configuration.

    • InstanceArn (string) – [REQUIRED]

      The Amazon Resource Name (ARN) of the of IAM Identity Center instance. Must be in the same AWS account and region as WorkMail organization.

    • ApplicationArn (string) – [REQUIRED]

      The Amazon Resource Name (ARN) of IAMIdentity Center Application for WorkMail. Must be created by the WorkMail API, see CreateIdentityCenterApplication.

  • PersonalAccessTokenConfiguration (dict) –

    [REQUIRED]

    The details of the Personal Access Token configuration.

    • Status (string) – [REQUIRED]

      The status of the Personal Access Token allowed for the organization.

      • Active - Mailbox users can login to the web application and choose Settings to see the new Personal Access Tokens page to create and delete the Personal Access Tokens. Mailbox users can use the Personal Access Tokens to set up mailbox connection from desktop or mobile email clients.

      • Inactive - Personal Access Tokens are disabled for your organization. Mailbox users can’t create, list, or delete Personal Access Tokens and can’t use them to connect to their mailboxes from desktop or mobile email clients.

    • LifetimeInDays (integer) –

      The validity of the Personal Access Token status in days.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

Exceptions