# chainctl iam identity-providers create

URL: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl_iam_identity-providers_create.md
Last Modified: April 29, 2026
Tags: chainctl, Reference, Product

 chainctl iam identity-providers create Create an identity provider
chainctl iam identity-providers create --parent ORGANIZATION_NAME | ORGANIZATION_ID [--name=NAME] [--description=DESCRIPTION] --oidc-issuer=ISSUER --oidc-client-id=CLIENT_ID --oidc-client-secret=CLIENT_SECRET [--oidc-additional-scopes=SCOPE,...] --default-role=ROLE [--output=id|json|table] Examples # Setup a custom OIDC provider and bind new users to the viewer role chainctl iam identity-providers create --name=google --parent=example \ --oidc-issuer=https://accounts.google.com \ --oidc-client-id=foo \ --oidc-client-secret=bar \ --default-role=viewer Options --configuration-type string Type of identity provider. Only OIDC supported currently (default &#34;OIDC&#34;) --default-role string Role to grant users on first login --description string Description of identity provider --name string Name of identity provider --oidc-additional-scopes stringArray additional scopes to request for OIDC type identity provider --oidc-client-id string client id for OIDC type identity provider --oidc-client-secret string client secret for OIDC type identity provider --oidc-issuer string Issuer URL for OIDC type identity provider --parent string The name or ID of the location the identity provider belongs to. -y, --yes Automatic yes to prompts; assume &#34;yes&#34; as answer to all prompts and run non-interactively. Options inherited from parent commands --api string The url of the Chainguard platform API. (default &#34;https://console-api.enforce.dev&#34;) --audience string The Chainguard token audience to request. (default &#34;https://console-api.enforce.dev&#34;) --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default &#34;https://console.chainguard.dev&#34;) --force-color Force color output even when stdout is not a TTY. -h, --help Help for chainctl --issuer string The url of the Chainguard STS endpoint. (default &#34;https://issuer.enforce.dev&#34;) --log-level string Set the log level (debug, info) (default &#34;ERROR&#34;) -o, --output string Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide] -v, --v int Set the log verbosity level. SEE ALSO chainctl iam identity-providers	- customer managed identity provider management