POST
/v1/mgmt/sso/saml/metadata

Configure the SAML Metadata URL, using a valid management key.

This API endpoint will configure the SAML Metadata URL on a tenant utilizing a valid management key.

This API endpoint accepts idpMetadataURL which will be applied to the tenant under SSO Configuration section and will select the option to "Retrieve the connection details dynamically using a metadata URL"

This endpoint also accepts the attribute mapping you would like to be configured on the SAML settings.

This Metadata URL can can be obtained from the admin console of the identity provider. Configuring SAML via Metadata URL allows administrators to configure SAML without applying these setting manually via Configure SAML Settings

See also

  • See SSO Configuration for further details on managing SSO Configurations on a tenant.

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<ProjectId:ManagementKey\>

Try it

/v1/mgmt/sso/saml/metadata

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

tenantIdstring

settingsobject

redirectUrlstring

domainsarray<string>

Status codeDescription
200OK
curl -X POST "https://api.descope.com/v1/mgmt/sso/saml/metadata" \
  -d '{
  "tenantId": "string",
  "settings": {
    "idpMetadataUrl": "string",
    "roleMappings": [
      {
        "groups": [
          "string"
        ],
        "roleName": "string"
      }
    ],
    "attributeMapping": {
      "name": "string",
      "email": "string",
      "group": "string",
      "givenName": "string",
      "middleName": "string",
      "familyName": "string",
      "picture": "string",
      "customAttributes": {
        "property1": "string",
        "property2": "string"
      }
    },
    "spEncryptionKey": "string",
    "spSignKey": "string",
    "subjectNameIdFormat": "string"
  },
  "redirectUrl": "string",
  "domains": [
    "string"
  ]
}'
Was this helpful?