API Reference/Management/Tenants/SSO
POST
/v1/mgmt/sso/oidc

Authorization

AuthorizationRequiredBearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

application/jsonRequired
tenantIdstring
settingsobject
domainsarray<string>
ssoIdstring
curl -X POST "https://api.descope.com/v1/mgmt/sso/oidc" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "string",
    "settings": {
      "name": "string",
      "clientId": "string",
      "clientSecret": "string",
      "redirectUrl": "string",
      "authUrl": "string",
      "tokenUrl": "string",
      "userDataUrl": "string",
      "scope": [
        "string"
      ],
      "JWKsUrl": "string",
      "userAttrMapping": {
        "loginId": "string",
        "username": "string",
        "name": "string",
        "email": "string",
        "verifiedEmail": "string",
        "verifiedPhone": "string",
        "picture": "string",
        "givenName": "string",
        "middleName": "string",
        "familyName": "string",
        "customAttributes": {
          "property1": "string",
          "property2": "string"
        }
      },
      "manageProviderTokens": true,
      "callbackDomain": "string",
      "prompt": [
        "string"
      ],
      "grantType": "string",
      "issuer": "string"
    },
    "domains": [
      "string"
    ],
    "ssoId": "string"
  }'

OK

Was this helpful?

Set Tenant's SAML Settings via Metadata URL POST

### Configure the SAML Metadata URL, using a valid management key. This API endpoint will configure the SAML Metadata URL on a tenant utilizing a valid management key. This API endpoint accepts idpMetadataURL which will be applied to the tenant under SSO Configuration section and will select the option to "Retrieve the connection details dynamically using a metadata URL" This endpoint also accepts the attribute mapping you would like to be configured on the SAML settings. This Metadata URL can can be obtained from the admin console of the identity provider. Configuring SAML via Metadata URL allows administrators to configure SAML without applying these setting manually via [Configure SAML Settings](/api/management/tenants/sso/configure-sso-saml-settings) ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Delete Tenant's SAML/OIDC Settings DELETE

### Delete the current SAML/OIDC configuration settings of a tenant, using a valid management key. This API endpoint allows you to delete the current SAML/OIDC configuration settings of a tenant. Use this with caution as this endpoint deletes the configuration and is irreversible. ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`