IdentityProvider | 0..* | IdentityProvider | External identity provider configuration. |
IdentityProvider.id | 0..1 | http://hl7.org/fhirpath/System.String | The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes. |
IdentityProvider.meta | 0..1 | Meta | The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource. |
IdentityProvider.name | 1..1 | string | The name of the external identity provider. |
IdentityProvider.status | 1..1 | code | The status of the identity provider. |
IdentityProvider.accessType | 1..1 | code | Method for connecting to the external identity provider. |
IdentityProvider.oidc | 0..1 | BackboneElement | OIDC connection configuration for the identity provider. |
IdentityProvider.oidc.authorization_endpoint | 1..1 | string | OIDC authorization endpoint. |
IdentityProvider.oidc.token_endpoint | 1..1 | string | OIDC token endpoint. |
IdentityProvider.oidc.userinfo_endpoint | 0..1 | string | The OIDC user info endpoint. |
IdentityProvider.oidc.jwks_uri | 0..1 | string | If included, the ID token is verified against the keys at this JWKS URI. |
IdentityProvider.oidc.scopes | 0..* | string | Scopes to send to the OIDC provider. |
IdentityProvider.oidc.client | 1..1 | BackboneElement | Registered client for the OIDC provider. |
IdentityProvider.oidc.client.clientId | 1..1 | string | The registered client's ID. |
IdentityProvider.oidc.client.secret | 0..1 | string | The registered client's secret. |
IdentityProvider.oidc.pkce | 0..1 | BackboneElement | PKCE configuration. |
IdentityProvider.oidc.pkce.code_challenge_method | 0..1 | code | PKCE code challenge method. |
IdentityProvider.oidc.pkce.enabled | 0..1 | boolean | PKCE enabled. |