
# Create Provider

> CreateProvider registers a new external OIDC issuer for the tenant.
> The issuer URL is validated synchronously via OIDC discovery.



## OpenAPI

````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/workload_federation/providers
# OpenAPI 3.1 description of the C1 HTTP API, reduced to the one operation
# that registers a workload federation provider and the schemas it uses.
openapi: 3.1.0
info:
  description: The C1 API is a HTTP API for managing C1 resources.
  title: C1 API
  version: 0.1.0-alpha
servers:
  # Tenant-scoped base URL: tenantDomain is substituted into the host name.
  - description: The C1 API server for the current tenant.
    url: https://{tenantDomain}.conductor.one
    variables:
      tenantDomain:
        default: example
        description: The domain of the tenant to use for this request.
# Document-level security requirement: a single requirement object that names
# both schemes. In OpenAPI, schemes inside the same object must all be
# satisfied; listing them as separate items would make them alternatives.
# NOTE(review): confirm that requiring both at once is intended, because
# client generators and API gateways read this literally.
security:
  - bearerAuth: []
    oauth: []
paths:
  /api/v1/workload_federation/providers:
    # Registers an external OIDC issuer for the tenant. The provider schema
    # says disabled providers reject all token exchanges, so a provider that
    # is not disabled takes part in token exchange: this call adds a trust
    # relationship and belongs behind the tenant's most restricted roles.
    # No operation-level `security` key is set, so the document-level
    # requirement applies.
    post:
      tags:
        - Workload Federation
      summary: Create Provider
      description: |-
        CreateProvider registers a new external OIDC issuer for the tenant.
         Validates the issuer URL via OIDC discovery synchronously.
      operationId: c1.api.workload_federation.v1.WorkloadFederationService.CreateProvider
      # NOTE(review): requestBody carries no `required: true`, so schema-level
      # validation accepts a call without a body; any rejection has to come
      # from the server. Confirm the server-side behavior.
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationServiceCreateProviderRequest
      # Only the 200 response is described. Error responses (failed discovery,
      # rejected issuer, unauthorized caller) are not documented here, so
      # clients cannot derive their error handling from this spec alone.
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationServiceCreateProviderResponse
          description: Successful response
      # Generated SDK samples showing the call shape only. The credential
      # strings are placeholders; real tokens belong in a secret store or the
      # environment, not in source.
      # NOTE(review): both samples call CreateProvider without a request
      # payload (Go passes nil, TypeScript passes no argument), although the
      # request schema describes wellKnownProvider as required. Presumably the
      # server rejects such a call; treat these as skeletons and confirm.
      x-codeSamples:
        - lang: go
          label: CreateProvider
          source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n    ctx := context.Background()\n\n    s := conductoronesdkgo.New(\n        conductoronesdkgo.WithSecurity(shared.Security{\n            BearerAuth: \"<YOUR_BEARER_TOKEN_HERE>\",\n            Oauth: \"<YOUR_OAUTH_HERE>\",\n        }),\n    )\n\n    res, err := s.WorkloadFederation.CreateProvider(ctx, nil)\n    if err != nil {\n        log.Fatal(err)\n    }\n    if res.WorkloadFederationServiceCreateProviderResponse != nil {\n        // handle response\n    }\n}"
        - lang: typescript
          label: Typescript (SDK)
          source: >-
            import { ConductoroneSDKTypescript } from
            "conductorone-sdk-typescript";


            const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
              security: {
                bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
                oauth: "<YOUR_OAUTH_HERE>",
              },
            });


            async function run() {
              const result = await conductoroneSDKTypescript.workloadFederation.createProvider();

              console.log(result);
            }


            run();
components:
  schemas:
    # Request body for CreateProvider: the issuer to trust plus display
    # metadata.
    # NOTE(review): the schema has no `required` list, although the
    # wellKnownProvider description calls that field required. A validator
    # driven by this spec will therefore accept an empty object; enforcement
    # is presumably server-side only. Confirm.
    # This request carries no subject, audience or claim conditions. Hosted CI
    # issuers are typically shared by many unrelated organizations, so which
    # workloads may exchange tokens has to be constrained elsewhere.
    # TODO confirm where those conditions are configured.
    c1.api.workload_federation.v1.WorkloadFederationServiceCreateProviderRequest:
      description: The WorkloadFederationServiceCreateProviderRequest message.
      properties:
        description:
          description: A description of what this provider is for.
          readOnly: false
          type: string
        displayName:
          description: The display name for the new provider.
          readOnly: false
          type: string
        # Caller-supplied issuer. The description says it is validated via
        # OIDC discovery, which implies the service retrieves discovery
        # metadata from a host chosen by the caller.
        # NOTE(review): beyond "HTTPS only", the page does not say which
        # destinations are allowed; confirm that internal and link-local
        # addresses are refused. The value is normalized on write, so compare
        # against the stored issuerUrl rather than the submitted string.
        issuerUrl:
          description: |-
            The OIDC issuer URL. Will be validated via OIDC discovery.
             Normalized on write: lowercase host, no trailing slash, HTTPS only.
          readOnly: false
          type: string
        # Per the description, a named source makes the backend check that
        # issuer_url is consistent with it, and UNSPECIFIED is rejected.
        # NOTE(review): presumably CUSTOM skips the consistency check, leaving
        # OIDC discovery as the only validation of the issuer; confirm.
        wellKnownProvider:
          description: |-
            Well-known provider type. Required -- UNSPECIFIED is rejected.
             When set to a named source, the backend validates issuer_url consistency.
          enum:
            - WELL_KNOWN_WORKLOAD_PROVIDER_UNSPECIFIED
            - WELL_KNOWN_WORKLOAD_PROVIDER_CUSTOM
            - WELL_KNOWN_WORKLOAD_PROVIDER_GITHUB_ACTIONS
            - WELL_KNOWN_WORKLOAD_PROVIDER_GITLAB_CI
            - WELL_KNOWN_WORKLOAD_PROVIDER_HCP_TERRAFORM
            - WELL_KNOWN_WORKLOAD_PROVIDER_AWS_IAM_OUTBOUND
          readOnly: false
          type: string
          # Speakeasy extension: generated SDKs accept enum values outside
          # this list instead of failing on them.
          x-speakeasy-unknown-values: allow
      title: Workload Federation Service Create Provider Request
      type: object
      x-speakeasy-name-override: WorkloadFederationServiceCreateProviderRequest
    # Response wrapper for CreateProvider. Its only property references the
    # WorkloadFederationProvider schema, i.e. the provider as stored,
    # including the server-assigned id and the stored issuerUrl.
    c1.api.workload_federation.v1.WorkloadFederationServiceCreateProviderResponse:
      description: The WorkloadFederationServiceCreateProviderResponse message.
      properties:
        provider:
          $ref: >-
            #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationProvider
      title: Workload Federation Service Create Provider Response
      type: object
      x-speakeasy-name-override: WorkloadFederationServiceCreateProviderResponse
    # A registered OIDC issuer at tenant level. Fields marked readOnly: true
    # are set by the server; the others are writable.
    c1.api.workload_federation.v1.WorkloadFederationProvider:
      description: >-
        WorkloadFederationProvider represents a tenant-level OIDC issuer
        registration.
      properties:
        # Server-set timestamp (readOnly: true).
        createdAt:
          format: date-time
          readOnly: true
          type: string
        description:
          description: A description of what this provider is for.
          readOnly: false
          type: string
        # Per the description, a disabled provider rejects all token
        # exchanges, which makes this flag the documented way to cut off an
        # issuer without deleting the registration.
        # NOTE(review): the create request has no `disabled` field, so a new
        # provider is presumably enabled as soon as creation succeeds; confirm.
        disabled:
          description: >-
            Whether the provider is disabled. Disabled providers reject all
            token exchanges.
          readOnly: false
          type: boolean
        displayName:
          description: The display name of the provider.
          readOnly: false
          type: string
        id:
          description: The unique ID of the provider.
          readOnly: true
          type: string
        # Immutable after creation (readOnly: true), so the trusted issuer of
        # an existing provider cannot be re-pointed; a different issuer needs
        # its own registration.
        issuerUrl:
          description: The OIDC issuer URL. Immutable after creation.
          readOnly: true
          type: string
        # Server-set timestamp (readOnly: true).
        updatedAt:
          format: date-time
          readOnly: true
          type: string
        # Described here as driving UX only; the create request's description
        # adds that named sources are checked against issuer_url on creation.
        wellKnownProvider:
          description: |-
            Well-known provider type. Drives UX (wizard presets, docs, icons).
             Set at creation time, immutable.
          enum:
            - WELL_KNOWN_WORKLOAD_PROVIDER_UNSPECIFIED
            - WELL_KNOWN_WORKLOAD_PROVIDER_CUSTOM
            - WELL_KNOWN_WORKLOAD_PROVIDER_GITHUB_ACTIONS
            - WELL_KNOWN_WORKLOAD_PROVIDER_GITLAB_CI
            - WELL_KNOWN_WORKLOAD_PROVIDER_HCP_TERRAFORM
            - WELL_KNOWN_WORKLOAD_PROVIDER_AWS_IAM_OUTBOUND
          readOnly: true
          type: string
          # Speakeasy extension: generated SDKs accept enum values outside
          # this list, so clients should handle values they do not recognize.
          x-speakeasy-unknown-values: allow
      title: Workload Federation Provider
      type: object
      x-speakeasy-name-override: WorkloadFederationProvider
  # The two schemes named by the document-level security requirement.
  securitySchemes:
    # HTTP bearer authentication (token sent in the Authorization header).
    bearerAuth:
      scheme: bearer
      type: http
    # OAuth2 client-credentials flow. The description requires the client
    # credentials in the request body rather than in headers, and links to a
    # reference implementation pinned to a specific commit.
    oauth:
      description: >-
        This API uses OAuth2 with the Client Credential flow.

        Client Credentials must be sent in the BODY, not the headers.

        For an example of how to implement this, refer to the
        [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187)
        function.
      flows:
        clientCredentials:
          # No scopes are declared, so this spec expresses no scope-based
          # narrowing of issued tokens.
          # NOTE(review): presumably what a client may do, including creating
          # providers, is decided by its server-side roles; confirm.
          scopes: {}
          # Relative URL; presumably resolved against the tenant server URL.
          tokenUrl: /auth/v1/token
      type: oauth2

````