feat: idp and login policy configurations (#619)

* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-11 21:27:42 +00:00 · 2020-08-26 09:56:23 +02:00
parent f05c5bae24
commit db1d8f4efe
157 changed files with 37510 additions and 15698 deletions
--- a/internal/api/grpc/admin/iam_member.go
+++ b/internal/api/grpc/admin/iam_member.go
@@ -9,11 +9,11 @@ import (
 )

 func (s *Server) GetIamMemberRoles(ctx context.Context, _ *empty.Empty) (*admin.IamMemberRoles, error) {
-	return &admin.IamMemberRoles{Roles: s.iam.GetIamMemberRoles()}, nil
+	return &admin.IamMemberRoles{Roles: s.iam.GetIAMMemberRoles()}, nil
 }

 func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearchRequest) (*admin.IamMemberSearchResponse, error) {
-	members, err := s.iam.SearchIamMembers(ctx, iamMemberSearchRequestToModel(in))
+	members, err := s.iam.SearchIAMMembers(ctx, iamMemberSearchRequestToModel(in))
 	if err != nil {
 		return nil, err
 	}
@@ -21,7 +21,7 @@ func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearch
 }

 func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) {
-	addedMember, err := s.iam.AddIamMember(ctx, addIamMemberToModel(member))
+	addedMember, err := s.iam.AddIAMMember(ctx, addIamMemberToModel(member))
 	if err != nil {
 		return nil, err
 	}
@@ -30,7 +30,7 @@ func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberReq
 }

 func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) {
-	changedMember, err := s.iam.ChangeIamMember(ctx, changeIamMemberToModel(member))
+	changedMember, err := s.iam.ChangeIAMMember(ctx, changeIamMemberToModel(member))
 	if err != nil {
 		return nil, err
 	}
@@ -38,6 +38,6 @@ func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMem
 }

 func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) {
-	err := s.iam.RemoveIamMember(ctx, member.UserId)
+	err := s.iam.RemoveIAMMember(ctx, member.UserId)
 	return &empty.Empty{}, err
 }
--- a/internal/api/grpc/admin/iam_member_converter.go
+++ b/internal/api/grpc/admin/iam_member_converter.go
@@ -9,8 +9,8 @@ import (
 	"github.com/caos/zitadel/pkg/grpc/admin"
 )

-func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember {
-	memberModel := &iam_model.IamMember{
+func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IAMMember {
+	memberModel := &iam_model.IAMMember{
 		UserID: member.UserId,
 	}
 	memberModel.Roles = member.Roles
@@ -18,8 +18,8 @@ func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember
 	return memberModel
 }

-func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IamMember {
-	memberModel := &iam_model.IamMember{
+func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IAMMember {
+	memberModel := &iam_model.IAMMember{
 		UserID: member.UserId,
 	}
 	memberModel.Roles = member.Roles
@@ -27,7 +27,7 @@ func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.Iam
 	return memberModel
 }

-func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
+func iamMemberFromModel(member *iam_model.IAMMember) *admin.IamMember {
 	creationDate, err := ptypes.TimestampProto(member.CreationDate)
 	logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed")

@@ -43,16 +43,16 @@ func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
 	}
 }

-func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IamMemberSearchRequest {
-	return &iam_model.IamMemberSearchRequest{
+func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IAMMemberSearchRequest {
+	return &iam_model.IAMMemberSearchRequest{
 		Limit:   request.Limit,
 		Offset:  request.Offset,
 		Queries: iamMemberSearchQueriesToModel(request.Queries),
 	}
 }

-func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IamMemberSearchQuery {
-	modelQueries := make([]*iam_model.IamMemberSearchQuery, len(queries))
+func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IAMMemberSearchQuery {
+	modelQueries := make([]*iam_model.IAMMemberSearchQuery, len(queries))
 	for i, query := range queries {
 		modelQueries[i] = iamMemberSearchQueryToModel(query)
 	}
@@ -60,30 +60,30 @@ func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam
 	return modelQueries
 }

-func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IamMemberSearchQuery {
-	return &iam_model.IamMemberSearchQuery{
+func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IAMMemberSearchQuery {
+	return &iam_model.IAMMemberSearchQuery{
 		Key:    iamMemberSearchKeyToModel(query.Key),
-		Method: iamMemberSearchMethodToModel(query.Method),
+		Method: searchMethodToModel(query.Method),
 		Value:  query.Value,
 	}
 }

-func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IamMemberSearchKey {
+func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IAMMemberSearchKey {
 	switch key {
 	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_EMAIL:
-		return iam_model.IamMemberSearchKeyEmail
+		return iam_model.IAMMemberSearchKeyEmail
 	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_FIRST_NAME:
-		return iam_model.IamMemberSearchKeyFirstName
+		return iam_model.IAMMemberSearchKeyFirstName
 	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_LAST_NAME:
-		return iam_model.IamMemberSearchKeyLastName
+		return iam_model.IAMMemberSearchKeyLastName
 	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_USER_ID:
-		return iam_model.IamMemberSearchKeyUserID
+		return iam_model.IAMMemberSearchKeyUserID
 	default:
-		return iam_model.IamMemberSearchKeyUnspecified
+		return iam_model.IAMMemberSearchKeyUnspecified
 	}
 }

-func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
+func searchMethodToModel(key admin.SearchMethod) model.SearchMethod {
 	switch key {
 	case admin.SearchMethod_SEARCHMETHOD_CONTAINS:
 		return model.SearchMethodContains
@@ -102,7 +102,7 @@ func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
 	}
 }

-func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *admin.IamMemberSearchResponse {
+func iamMemberSearchResponseFromModel(resp *iam_model.IAMMemberSearchResponse) *admin.IamMemberSearchResponse {
 	timestamp, err := ptypes.TimestampProto(resp.Timestamp)
 	logging.Log("GRPC-5shu8").OnError(err).Debug("date parse failed")
 	return &admin.IamMemberSearchResponse{
@@ -114,7 +114,7 @@ func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *
 		ViewTimestamp:     timestamp,
 	}
 }
-func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemberView {
+func iamMembersFromView(viewMembers []*iam_model.IAMMemberView) []*admin.IamMemberView {
 	members := make([]*admin.IamMemberView, len(viewMembers))

 	for i, member := range viewMembers {
@@ -124,7 +124,7 @@ func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemb
 	return members
 }

-func iamMemberFromView(member *iam_model.IamMemberView) *admin.IamMemberView {
+func iamMemberFromView(member *iam_model.IAMMemberView) *admin.IamMemberView {
 	changeDate, err := ptypes.TimestampProto(member.ChangeDate)
 	logging.Log("GRPC-Lso9c").OnError(err).Debug("unable to parse changedate")
 	creationDate, err := ptypes.TimestampProto(member.CreationDate)
--- a/internal/api/grpc/admin/idp_config.go
+++ b/internal/api/grpc/admin/idp_config.go
@@ -0,0 +1,69 @@
+package admin
+
+import (
+	"context"
+	"github.com/golang/protobuf/ptypes/empty"
+
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) IdpByID(ctx context.Context, id *admin.IdpID) (*admin.IdpView, error) {
+	config, err := s.iam.IDPConfigByID(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpViewFromModel(config), nil
+}
+
+func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *admin.OidcIdpConfigCreate) (*admin.Idp, error) {
+	config, err := s.iam.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate) (*admin.Idp, error) {
+	config, err := s.iam.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
+	config, err := s.iam.DeactivateIDPConfig(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
+	config, err := s.iam.ReactivateIDPConfig(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
+	err := s.iam.RemoveIDPConfig(ctx, id.Id)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *admin.OidcIdpConfigUpdate) (*admin.OidcIdpConfig, error) {
+	config, err := s.iam.ChangeOidcIDPConfig(ctx, updateOidcIdpToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return oidcIdpConfigFromModel(config), nil
+}
+
+func (s *Server) SearchIdps(ctx context.Context, request *admin.IdpSearchRequest) (*admin.IdpSearchResponse, error) {
+	response, err := s.iam.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return idpConfigSearchResponseFromModel(response), nil
+}
--- a/internal/api/grpc/admin/idp_config_converter.go
+++ b/internal/api/grpc/admin/idp_config_converter.go
@@ -0,0 +1,180 @@
+package admin
+
+import (
+	"github.com/caos/logging"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func createOidcIdpToModel(idp *admin.OidcIdpConfigCreate) *iam_model.IDPConfig {
+	return &iam_model.IDPConfig{
+		Name:    idp.Name,
+		LogoSrc: idp.LogoSrc,
+		Type:    iam_model.IDPConfigTypeOIDC,
+		OIDCConfig: &iam_model.OIDCIDPConfig{
+			ClientID:           idp.ClientId,
+			ClientSecretString: idp.ClientSecret,
+			Issuer:             idp.Issuer,
+			Scopes:             idp.Scopes,
+		},
+	}
+}
+
+func updateIdpToModel(idp *admin.IdpUpdate) *iam_model.IDPConfig {
+	return &iam_model.IDPConfig{
+		IDPConfigID: idp.Id,
+		Name:        idp.Name,
+		LogoSrc:     idp.LogoSrc,
+	}
+}
+
+func updateOidcIdpToModel(idp *admin.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
+	return &iam_model.OIDCIDPConfig{
+		IDPConfigID:        idp.IdpId,
+		ClientID:           idp.ClientId,
+		ClientSecretString: idp.ClientSecret,
+		Issuer:             idp.Issuer,
+		Scopes:             idp.Scopes,
+	}
+}
+
+func idpFromModel(idp *iam_model.IDPConfig) *admin.Idp {
+	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
+	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
+
+	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
+	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
+
+	return &admin.Idp{
+		Id:           idp.IDPConfigID,
+		CreationDate: creationDate,
+		ChangeDate:   changeDate,
+		Sequence:     idp.Sequence,
+		Name:         idp.Name,
+		LogoSrc:      idp.LogoSrc,
+		State:        idpConfigStateFromModel(idp.State),
+		IdpConfig:    idpConfigFromModel(idp),
+	}
+}
+
+func idpViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView {
+	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
+	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
+
+	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
+	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
+
+	return &admin.IdpView{
+		Id:            idp.IDPConfigID,
+		CreationDate:  creationDate,
+		ChangeDate:    changeDate,
+		Sequence:      idp.Sequence,
+		Name:          idp.Name,
+		LogoSrc:       idp.LogoSrc,
+		State:         idpConfigStateFromModel(idp.State),
+		IdpConfigView: idpConfigViewFromModel(idp),
+	}
+}
+
+func idpConfigFromModel(idp *iam_model.IDPConfig) *admin.Idp_OidcConfig {
+	if idp.Type == iam_model.IDPConfigTypeOIDC {
+		return &admin.Idp_OidcConfig{
+			OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
+		}
+	}
+	return nil
+}
+
+func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *admin.OidcIdpConfig {
+	return &admin.OidcIdpConfig{
+		ClientId: idp.ClientID,
+		Issuer:   idp.Issuer,
+		Scopes:   idp.Scopes,
+	}
+}
+
+func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcConfig {
+	if idp.IsOIDC {
+		return &admin.IdpView_OidcConfig{
+			OidcConfig: oidcIdpConfigViewFromModel(idp),
+		}
+	}
+	return nil
+}
+
+func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.OidcIdpConfigView {
+	return &admin.OidcIdpConfigView{
+		ClientId: idp.OIDCClientID,
+		Issuer:   idp.OIDCIssuer,
+		Scopes:   idp.OIDCScopes,
+	}
+}
+
+func idpConfigStateFromModel(state iam_model.IDPConfigState) admin.IdpState {
+	switch state {
+	case iam_model.IDPConfigStateActive:
+		return admin.IdpState_IDPCONFIGSTATE_ACTIVE
+	case iam_model.IDPConfigStateInactive:
+		return admin.IdpState_IDPCONFIGSTATE_INACTIVE
+	default:
+		return admin.IdpState_IDPCONFIGSTATE_UNSPECIFIED
+	}
+}
+
+func idpConfigSearchRequestToModel(request *admin.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
+	return &iam_model.IDPConfigSearchRequest{
+		Limit:   request.Limit,
+		Offset:  request.Offset,
+		Queries: idpConfigSearchQueriesToModel(request.Queries),
+	}
+}
+
+func idpConfigSearchQueriesToModel(queries []*admin.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
+	modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
+	for i, query := range queries {
+		modelQueries[i] = idpConfigSearchQueryToModel(query)
+	}
+
+	return modelQueries
+}
+
+func idpConfigSearchQueryToModel(query *admin.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
+	return &iam_model.IDPConfigSearchQuery{
+		Key:    idpConfigSearchKeyToModel(query.Key),
+		Method: searchMethodToModel(query.Method),
+		Value:  query.Value,
+	}
+}
+
+func idpConfigSearchKeyToModel(key admin.IdpSearchKey) iam_model.IDPConfigSearchKey {
+	switch key {
+	case admin.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
+		return iam_model.IDPConfigSearchKeyIdpConfigID
+	case admin.IdpSearchKey_IDPSEARCHKEY_NAME:
+		return iam_model.IDPConfigSearchKeyName
+	default:
+		return iam_model.IDPConfigSearchKeyUnspecified
+	}
+}
+
+func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *admin.IdpSearchResponse {
+	timestamp, err := ptypes.TimestampProto(resp.Timestamp)
+	logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
+	return &admin.IdpSearchResponse{
+		Limit:             resp.Limit,
+		Offset:            resp.Offset,
+		TotalResult:       resp.TotalResult,
+		Result:            idpConfigsFromView(resp.Result),
+		ProcessedSequence: resp.Sequence,
+		ViewTimestamp:     timestamp,
+	}
+}
+
+func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*admin.IdpView {
+	idps := make([]*admin.IdpView, len(viewIdps))
+	for i, idp := range viewIdps {
+		idps[i] = idpViewFromModel(idp)
+	}
+	return idps
+}
--- a/internal/api/grpc/admin/login_policy.go
+++ b/internal/api/grpc/admin/login_policy.go
@@ -0,0 +1,44 @@
+package admin
+
+import (
+	"context"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/golang/protobuf/ptypes/empty"
+)
+
+func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultLoginPolicyView, error) {
+	result, err := s.iam.GetDefaultLoginPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return loginPolicyViewFromModel(result), nil
+}
+
+func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicy) (*admin.DefaultLoginPolicy, error) {
+	result, err := s.iam.ChangeDefaultLoginPolicy(ctx, loginPolicyToModel(policy))
+	if err != nil {
+		return nil, err
+	}
+	return loginPolicyFromModel(result), nil
+}
+
+func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request *admin.IdpProviderSearchRequest) (*admin.IdpProviderSearchResponse, error) {
+	result, err := s.iam.SearchDefaultIDPProviders(ctx, idpProviderSearchRequestToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return idpProviderSearchResponseFromModel(result), nil
+}
+
+func (s *Server) AddIdpProviderToDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*admin.IdpProviderID, error) {
+	result, err := s.iam.AddIDPProviderToLoginPolicy(ctx, idpProviderToModel(provider))
+	if err != nil {
+		return nil, err
+	}
+	return idpProviderFromModel(result), nil
+}
+
+func (s *Server) RemoveIdpProviderFromDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*empty.Empty, error) {
+	err := s.iam.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
+	return &empty.Empty{}, err
+}
--- a/internal/api/grpc/admin/login_policy_converter.go
+++ b/internal/api/grpc/admin/login_policy_converter.go
@@ -0,0 +1,87 @@
+package admin
+
+import (
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func loginPolicyToModel(policy *admin.DefaultLoginPolicy) *iam_model.LoginPolicy {
+	return &iam_model.LoginPolicy{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIdp,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPolicy {
+	return &admin.DefaultLoginPolicy{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIdp,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultLoginPolicyView {
+	return &admin.DefaultLoginPolicyView{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIDP,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func idpProviderSearchRequestToModel(request *admin.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
+	return &iam_model.IDPProviderSearchRequest{
+		Limit:  request.Limit,
+		Offset: request.Offset,
+	}
+}
+
+func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *admin.IdpProviderSearchResponse {
+	return &admin.IdpProviderSearchResponse{
+		Limit:       response.Limit,
+		Offset:      response.Offset,
+		TotalResult: response.TotalResult,
+		Result:      idpProviderViewsFromModel(response.Result),
+	}
+}
+
+func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider {
+	return &iam_model.IDPProvider{
+		IdpConfigID: provider.IdpConfigId,
+		Type:        iam_model.IDPProviderTypeSystem,
+	}
+}
+
+func idpProviderFromModel(provider *iam_model.IDPProvider) *admin.IdpProviderID {
+	return &admin.IdpProviderID{
+		IdpConfigId: provider.IdpConfigID,
+	}
+}
+
+func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*admin.IdpProviderView {
+	converted := make([]*admin.IdpProviderView, len(providers))
+	for i, provider := range providers {
+		converted[i] = idpProviderViewFromModel(provider)
+	}
+
+	return converted
+}
+
+func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *admin.IdpProviderView {
+	return &admin.IdpProviderView{
+		IdpConfigId: provider.IDPConfigID,
+		Name:        provider.Name,
+		Type:        idpConfigTypeToModel(provider.IDPConfigType),
+	}
+}
+
+func idpConfigTypeToModel(providerType iam_model.IdpConfigType) admin.IdpType {
+	switch providerType {
+	case iam_model.IDPConfigTypeOIDC:
+		return admin.IdpType_IDPTYPE_OIDC
+	case iam_model.IDPConfigTypeSAML:
+		return admin.IdpType_IDPTYPE_SAML
+	default:
+		return admin.IdpType_IDPTYPE_UNSPECIFIED
+	}
+}
--- a/internal/api/grpc/admin/org_converter.go
+++ b/internal/api/grpc/admin/org_converter.go
@@ -269,7 +269,7 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod {
 	}
 }

-func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
+func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *admin.OrgIamPolicy {
 	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
 	logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")

@@ -286,8 +286,8 @@ func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
 	}
 }

-func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIamPolicy {
-	return &org_model.OrgIamPolicy{
+func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIAMPolicy {
+	return &org_model.OrgIAMPolicy{
 		ObjectRoot: models.ObjectRoot{
 			AggregateID: policy.OrgId,
 		},
--- a/internal/api/grpc/admin/server.go
+++ b/internal/api/grpc/admin/server.go
@@ -18,7 +18,7 @@ var _ admin.AdminServiceServer = (*Server)(nil)

 type Server struct {
 	org           repository.OrgRepository
-	iam           repository.IamRepository
+	iam           repository.IAMRepository
 	administrator repository.AdministratorRepository
 	repo          repository.Repository
 }
--- a/internal/api/grpc/management/iam.go
+++ b/internal/api/grpc/management/iam.go
@@ -9,7 +9,7 @@ import (
 )

 func (s *Server) GetIam(ctx context.Context, _ *empty.Empty) (*management.Iam, error) {
-	iam, err := s.iam.IamByID(ctx, s.systemDefaults.IamID)
+	iam, err := s.iam.IAMByID(ctx, s.systemDefaults.IamID)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/iam_converter.go
+++ b/internal/api/grpc/management/iam_converter.go
@@ -5,9 +5,9 @@ import (
 	"github.com/caos/zitadel/pkg/grpc/management"
 )

-func iamFromModel(iam *iam_model.Iam) *management.Iam {
+func iamFromModel(iam *iam_model.IAM) *management.Iam {
 	return &management.Iam{
-		IamProjectId: iam.IamProjectID,
+		IamProjectId: iam.IAMProjectID,
 		GlobalOrgId:  iam.GlobalOrgID,
 		SetUpDone:    iam.SetUpDone,
 		SetUpStarted: iam.SetUpStarted,
--- a/internal/api/grpc/management/idp_config.go
+++ b/internal/api/grpc/management/idp_config.go
@@ -0,0 +1,69 @@
+package management
+
+import (
+	"context"
+	"github.com/golang/protobuf/ptypes/empty"
+
+	"github.com/caos/zitadel/pkg/grpc/management"
+)
+
+func (s *Server) IdpByID(ctx context.Context, id *management.IdpID) (*management.IdpView, error) {
+	config, err := s.org.IDPConfigByID(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpViewFromModel(config), nil
+}
+
+func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *management.OidcIdpConfigCreate) (*management.Idp, error) {
+	config, err := s.org.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *management.IdpUpdate) (*management.Idp, error) {
+	config, err := s.org.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
+	config, err := s.org.DeactivateIDPConfig(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
+	config, err := s.org.ReactivateIDPConfig(ctx, id.Id)
+	if err != nil {
+		return nil, err
+	}
+	return idpFromModel(config), nil
+}
+
+func (s *Server) RemoveIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
+	err := s.org.RemoveIDPConfig(ctx, id.Id)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *management.OidcIdpConfigUpdate) (*management.OidcIdpConfig, error) {
+	config, err := s.org.ChangeOIDCIDPConfig(ctx, updateOidcIdpToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return oidcIdpConfigFromModel(config), nil
+}
+
+func (s *Server) SearchIdps(ctx context.Context, request *management.IdpSearchRequest) (*management.IdpSearchResponse, error) {
+	response, err := s.org.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return idpConfigSearchResponseFromModel(response), nil
+}
--- a/internal/api/grpc/management/idp_config_converter.go
+++ b/internal/api/grpc/management/idp_config_converter.go
@@ -0,0 +1,183 @@
+package management
+
+import (
+	"github.com/caos/logging"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func createOidcIdpToModel(idp *management.OidcIdpConfigCreate) *iam_model.IDPConfig {
+	return &iam_model.IDPConfig{
+		Name:    idp.Name,
+		LogoSrc: idp.LogoSrc,
+		Type:    iam_model.IDPConfigTypeOIDC,
+		OIDCConfig: &iam_model.OIDCIDPConfig{
+			ClientID:           idp.ClientId,
+			ClientSecretString: idp.ClientSecret,
+			Issuer:             idp.Issuer,
+			Scopes:             idp.Scopes,
+		},
+	}
+}
+
+func updateIdpToModel(idp *management.IdpUpdate) *iam_model.IDPConfig {
+	return &iam_model.IDPConfig{
+		IDPConfigID: idp.Id,
+		Name:        idp.Name,
+		LogoSrc:     idp.LogoSrc,
+	}
+}
+
+func updateOidcIdpToModel(idp *management.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
+	return &iam_model.OIDCIDPConfig{
+		IDPConfigID:        idp.IdpId,
+		ClientID:           idp.ClientId,
+		ClientSecretString: idp.ClientSecret,
+		Issuer:             idp.Issuer,
+		Scopes:             idp.Scopes,
+	}
+}
+
+func idpFromModel(idp *iam_model.IDPConfig) *management.Idp {
+	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
+	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
+
+	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
+	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
+
+	return &management.Idp{
+		Id:           idp.IDPConfigID,
+		CreationDate: creationDate,
+		ChangeDate:   changeDate,
+		Sequence:     idp.Sequence,
+		Name:         idp.Name,
+		LogoSrc:      idp.LogoSrc,
+		State:        idpConfigStateFromModel(idp.State),
+		IdpConfig:    idpConfigFromModel(idp),
+	}
+}
+
+func idpViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView {
+	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
+	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
+
+	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
+	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
+
+	return &management.IdpView{
+		Id:            idp.IDPConfigID,
+		CreationDate:  creationDate,
+		ChangeDate:    changeDate,
+		Sequence:      idp.Sequence,
+		ProviderType:  idpProviderTypeFromModel(idp.IDPProviderType),
+		Name:          idp.Name,
+		LogoSrc:       idp.LogoSrc,
+		State:         idpConfigStateFromModel(idp.State),
+		IdpConfigView: idpConfigViewFromModel(idp),
+	}
+}
+
+func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig {
+	if idp.Type == iam_model.IDPConfigTypeOIDC {
+		return &management.Idp_OidcConfig{
+			OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
+		}
+	}
+	return nil
+}
+
+func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *management.OidcIdpConfig {
+	return &management.OidcIdpConfig{
+		ClientId: idp.ClientID,
+		Issuer:   idp.Issuer,
+		Scopes:   idp.Scopes,
+	}
+}
+
+func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView_OidcConfig {
+	if idp.IsOIDC {
+		return &management.IdpView_OidcConfig{
+			OidcConfig: oidcIdpConfigViewFromModel(idp),
+		}
+	}
+	return nil
+}
+
+func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.OidcIdpConfigView {
+	return &management.OidcIdpConfigView{
+		ClientId: idp.OIDCClientID,
+		Issuer:   idp.OIDCIssuer,
+		Scopes:   idp.OIDCScopes,
+	}
+}
+
+func idpConfigStateFromModel(state iam_model.IDPConfigState) management.IdpState {
+	switch state {
+	case iam_model.IDPConfigStateActive:
+		return management.IdpState_IDPCONFIGSTATE_ACTIVE
+	case iam_model.IDPConfigStateInactive:
+		return management.IdpState_IDPCONFIGSTATE_INACTIVE
+	default:
+		return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED
+	}
+}
+
+func idpConfigSearchRequestToModel(request *management.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
+	return &iam_model.IDPConfigSearchRequest{
+		Limit:   request.Limit,
+		Offset:  request.Offset,
+		Queries: idpConfigSearchQueriesToModel(request.Queries),
+	}
+}
+
+func idpConfigSearchQueriesToModel(queries []*management.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
+	modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
+	for i, query := range queries {
+		modelQueries[i] = idpConfigSearchQueryToModel(query)
+	}
+
+	return modelQueries
+}
+
+func idpConfigSearchQueryToModel(query *management.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
+	return &iam_model.IDPConfigSearchQuery{
+		Key:    idpConfigSearchKeyToModel(query.Key),
+		Method: searchMethodToModel(query.Method),
+		Value:  query.Value,
+	}
+}
+
+func idpConfigSearchKeyToModel(key management.IdpSearchKey) iam_model.IDPConfigSearchKey {
+	switch key {
+	case management.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
+		return iam_model.IDPConfigSearchKeyIdpConfigID
+	case management.IdpSearchKey_IDPSEARCHKEY_NAME:
+		return iam_model.IDPConfigSearchKeyName
+	case management.IdpSearchKey_IDPSEARCHKEY_PROVIDER_TYPE:
+		return iam_model.IDPConfigSearchKeyIdpProviderType
+	default:
+		return iam_model.IDPConfigSearchKeyUnspecified
+	}
+}
+
+func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *management.IdpSearchResponse {
+	timestamp, err := ptypes.TimestampProto(resp.Timestamp)
+	logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
+	return &management.IdpSearchResponse{
+		Limit:             resp.Limit,
+		Offset:            resp.Offset,
+		TotalResult:       resp.TotalResult,
+		Result:            idpConfigsFromView(resp.Result),
+		ProcessedSequence: resp.Sequence,
+		ViewTimestamp:     timestamp,
+	}
+}
+
+func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*management.IdpView {
+	idps := make([]*management.IdpView, len(viewIdps))
+	for i, idp := range viewIdps {
+		idps[i] = idpViewFromModel(idp)
+	}
+	return idps
+}
--- a/internal/api/grpc/management/login_policy.go
+++ b/internal/api/grpc/management/login_policy.go
@@ -0,0 +1,57 @@
+package management
+
+import (
+	"context"
+	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes/empty"
+)
+
+func (s *Server) GetLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
+	result, err := s.org.GetLoginPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return loginPolicyViewFromModel(result), nil
+}
+
+func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyAdd) (*management.LoginPolicy, error) {
+	result, err := s.org.AddLoginPolicy(ctx, loginPolicyAddToModel(policy))
+	if err != nil {
+		return nil, err
+	}
+	return loginPolicyFromModel(result), nil
+}
+
+func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicy) (*management.LoginPolicy, error) {
+	result, err := s.org.ChangeLoginPolicy(ctx, loginPolicyToModel(policy))
+	if err != nil {
+		return nil, err
+	}
+	return loginPolicyFromModel(result), nil
+}
+
+func (s *Server) RemoveLoginPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
+	err := s.org.RemoveLoginPolicy(ctx)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) GetLoginPolicyIdpProviders(ctx context.Context, request *management.IdpProviderSearchRequest) (*management.IdpProviderSearchResponse, error) {
+	result, err := s.org.SearchIDPProviders(ctx, idpProviderSearchRequestToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return idpProviderSearchResponseFromModel(result), nil
+}
+
+func (s *Server) AddIdpProviderToLoginPolicy(ctx context.Context, provider *management.IdpProviderAdd) (*management.IdpProvider, error) {
+	result, err := s.org.AddIDPProviderToLoginPolicy(ctx, idpProviderAddToModel(provider))
+	if err != nil {
+		return nil, err
+	}
+	return idpProviderFromModel(result), nil
+}
+
+func (s *Server) RemoveIdpProviderFromLoginPolicy(ctx context.Context, provider *management.IdpProviderID) (*empty.Empty, error) {
+	err := s.org.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
+	return &empty.Empty{}, err
+}
--- a/internal/api/grpc/management/login_policy_converter.go
+++ b/internal/api/grpc/management/login_policy_converter.go
@@ -0,0 +1,131 @@
+package management
+
+import (
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/pkg/grpc/management"
+)
+
+func loginPolicyAddToModel(policy *management.LoginPolicyAdd) *iam_model.LoginPolicy {
+	return &iam_model.LoginPolicy{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIdp,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+func loginPolicyToModel(policy *management.LoginPolicy) *iam_model.LoginPolicy {
+	return &iam_model.LoginPolicy{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIdp,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func loginPolicyFromModel(policy *iam_model.LoginPolicy) *management.LoginPolicy {
+	return &management.LoginPolicy{
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIdp,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
+	return &management.LoginPolicyView{
+		Default:               policy.Default,
+		AllowUsernamePassword: policy.AllowUsernamePassword,
+		AllowExternalIdp:      policy.AllowExternalIDP,
+		AllowRegister:         policy.AllowRegister,
+	}
+}
+
+func idpProviderSearchRequestToModel(request *management.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
+	return &iam_model.IDPProviderSearchRequest{
+		Limit:  request.Limit,
+		Offset: request.Offset,
+	}
+}
+
+func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *management.IdpProviderSearchResponse {
+	return &management.IdpProviderSearchResponse{
+		Limit:       response.Limit,
+		Offset:      response.Offset,
+		TotalResult: response.TotalResult,
+		Result:      idpProviderViewsFromModel(response.Result),
+	}
+}
+
+func idpProviderToModel(provider *management.IdpProviderID) *iam_model.IDPProvider {
+	return &iam_model.IDPProvider{
+		IdpConfigID: provider.IdpConfigId,
+		Type:        iam_model.IDPProviderTypeSystem,
+	}
+}
+
+func idpProviderAddToModel(provider *management.IdpProviderAdd) *iam_model.IDPProvider {
+	return &iam_model.IDPProvider{
+		IdpConfigID: provider.IdpConfigId,
+		Type:        idpProviderTypeToModel(provider.IdpProviderType),
+	}
+}
+
+func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
+	return &management.IdpProviderID{
+		IdpConfigId: provider.IdpConfigID,
+	}
+}
+
+func idpProviderFromModel(provider *iam_model.IDPProvider) *management.IdpProvider {
+	return &management.IdpProvider{
+		IdpConfigId:      provider.IdpConfigID,
+		IdpProvider_Type: idpProviderTypeFromModel(provider.Type),
+	}
+}
+
+func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*management.IdpProviderView {
+	converted := make([]*management.IdpProviderView, len(providers))
+	for i, provider := range providers {
+		converted[i] = idpProviderViewFromModel(provider)
+	}
+
+	return converted
+}
+
+func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *management.IdpProviderView {
+	return &management.IdpProviderView{
+		IdpConfigId: provider.IDPConfigID,
+		Name:        provider.Name,
+		Type:        idpConfigTypeToModel(provider.IDPConfigType),
+	}
+}
+
+func idpConfigTypeToModel(providerType iam_model.IdpConfigType) management.IdpType {
+	switch providerType {
+	case iam_model.IDPConfigTypeOIDC:
+		return management.IdpType_IDPTYPE_OIDC
+	case iam_model.IDPConfigTypeSAML:
+		return management.IdpType_IDPTYPE_SAML
+	default:
+		return management.IdpType_IDPTYPE_UNSPECIFIED
+	}
+}
+
+func idpProviderTypeToModel(providerType management.IdpProviderType) iam_model.IDPProviderType {
+	switch providerType {
+	case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
+		return iam_model.IDPProviderTypeSystem
+	case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
+		return iam_model.IDPProviderTypeOrg
+	default:
+		return iam_model.IDPProviderTypeSystem
+	}
+}
+
+func idpProviderTypeFromModel(providerType iam_model.IDPProviderType) management.IdpProviderType {
+	switch providerType {
+	case iam_model.IDPProviderTypeSystem:
+		return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
+	case iam_model.IDPProviderTypeOrg:
+		return management.IdpProviderType_IDPPROVIDERTYPE_ORG
+	default:
+		return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
+	}
+}
--- a/internal/api/grpc/management/org_converter.go
+++ b/internal/api/grpc/management/org_converter.go
@@ -227,7 +227,7 @@ func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change)
 	return result
 }

-func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *management.OrgIamPolicy {
+func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *management.OrgIamPolicy {
 	return &management.OrgIamPolicy{
 		OrgId:                 policy.AggregateID,
 		Description:           policy.Description,