
****************
create_connector
****************



.. py:method:: PrivateCAConnectorforSCEP.Client.create_connector(**kwargs)

  

  Creates a SCEP connector. A SCEP connector links Amazon Web Services Private Certificate Authority to your SCEP-compatible devices and mobile device management (MDM) systems. Before you create a connector, you must complete a set of prerequisites, including creation of a private certificate authority (CA) to use with this connector. For more information, see `Connector for SCEP prerequisites <https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-prerequisites.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/CreateConnector>`_  


  **Request Syntax**
  ::

    response = client.create_connector(
        CertificateAuthorityArn='string',
        MobileDeviceManagement={
            'Intune': {
                'AzureApplicationId': 'string',
                'Domain': 'string'
            }
        },
        ClientToken='string',
        Tags={
            'string': 'string'
        }
    )
    
  :type CertificateAuthorityArn: string
  :param CertificateAuthorityArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate Authority CA to use with this connector. Because of security vulnerabilities present in the SCEP protocol, we recommend using a private CA that is dedicated to the connector.

     

    To retrieve the private CAs associated with your account, you can call `ListCertificateAuthorities <https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html>`__ using the Amazon Web Services Private CA API.

    

  
  :type MobileDeviceManagement: dict
  :param MobileDeviceManagement: 

    If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see `Considerations and Limitations <https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlc4scep-considerations-limitations.html>`__.

     

    If you provide an ``IntuneConfiguration``, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see `Using Connector for SCEP for Microsoft Intune <https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html>`__.

    .. note:: This is a Tagged Union structure. Only one of the following top-level keys can be set: ``Intune``.

  
    - **Intune** *(dict) --* 

      Configuration settings for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see `Using Connector for SCEP for Microsoft Intune <https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html>`__.

      

    
      - **AzureApplicationId** *(string) --* **[REQUIRED]** 

        The directory (tenant) ID from your Microsoft Entra ID app registration.

        

      
      - **Domain** *(string) --* **[REQUIRED]** 

        The primary domain from your Microsoft Entra ID app registration.

        

      
    
  
  :type ClientToken: string
  :param ClientToken: 

    Custom string that can be used to distinguish between calls to the `CreateChallenge <https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_CreateChallenge.html>`__ action. Client tokens for ``CreateChallenge`` time out after five minutes. Therefore, if you call ``CreateChallenge`` multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.

    This field is autopopulated if not provided.

  
  :type Tags: dict
  :param Tags: 

    The key-value pairs to associate with the resource.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ConnectorArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ConnectorArn** *(string) --* 

        Returns the Amazon Resource Name (ARN) of the connector.

        
  
  **Exceptions**
  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.InternalServerException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.ValidationException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.ThrottlingException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.ConflictException`

  
  *   :py:class:`PrivateCAConnectorforSCEP.Client.exceptions.ServiceQuotaExceededException`
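
The following is an added example, not part of the boto3 documentation. It validates the request locally (CA ARN shape, the ``Intune`` tagged union, an explicit ``ClientToken`` reused across retries) before calling ``create_connector``. The helper names, the ARN regular expression, the tag and the sample ARN are assumptions made for illustration.

```python
import re
import time
import uuid

# Local sanity check only (assumed ARN shape); the service does the real validation.
CA_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:acm-pca:[a-z0-9-]+:\d{12}:certificate-authority/[0-9a-f-]{36}$")
INTUNE_KEYS = {"AzureApplicationId", "Domain"}

def build_create_connector_request(ca_arn, intune=None, tags=None, client_token=None):
    """Validate inputs locally and return kwargs for create_connector."""
    if not CA_ARN_RE.match(ca_arn):
        raise ValueError(f"not a Private CA ARN: {ca_arn!r}")
    # Fix the token once so every retry of this request carries the same value.
    request = {"CertificateAuthorityArn": ca_arn,
               "ClientToken": client_token or str(uuid.uuid4())}
    if intune is not None:
        # Tagged union: 'Intune' is the only key, and both members are required.
        if set(intune) != INTUNE_KEYS or not all(intune.values()):
            raise ValueError(f"Intune needs exactly {sorted(INTUNE_KEYS)}")
        request["MobileDeviceManagement"] = {"Intune": dict(intune)}
    # Omitting MobileDeviceManagement yields a general-purpose connector.
    if tags:
        request["Tags"] = {str(k): str(v) for k, v in tags.items()}
    return request

def create_connector_with_retry(client, request, attempts=3, base_delay=1.0):
    """Call create_connector, backing off on ThrottlingException; return the ARN."""
    for attempt in range(attempts):
        try:
            return client.create_connector(**request)["ConnectorArn"]
        except client.exceptions.ThrottlingException:
            if attempt == attempts - 1:
                raise
            time.sleep(base_delay * 2 ** attempt)

if __name__ == "__main__":
    import boto3  # imported here so the helpers above load without AWS access
    scep = boto3.client("pca-connector-scep")
    req = build_create_connector_request(
        # Constructed placeholder ARN; substitute the CA dedicated to this connector.
        "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/"
        "11111111-2222-3333-4444-555555555555",
        tags={"purpose": "scep-connector"})
    print(create_connector_with_retry(scep, req))
```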

  