POST
/v1/mgmt/sso/saml

Configure the SAML Settings, using a valid management key.

This API endpoint will configure the SAML settings on a tenant utilizing a valid management key.

This API endpoint accepts idpURL, entityId, idpCert, and redirectURL which will be applied to the tenant under SSO Configuration section and will select the option to "Enter the connection details manually"

This endpoint also accepts the attribute mapping you would like to be configured on the SAML settings.

These configurations will need to be captured directly from your idp provider. The values for each field can be obtained from the admin console of the identity provider.

Alternatively, administrators can configure SAML without applying these setting manually via Configure SAML Metadata URL

See also

  • See SSO Configuration for further details on managing SSO Configurations on a tenant.

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<ProjectId:ManagementKey\>

Try it

/v1/mgmt/sso/saml

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

tenantIdstring

settingsobject

redirectUrlstring

domainsarray<string>

Status codeDescription
200OK
curl -X POST "https://api.descope.com/v1/mgmt/sso/saml" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <ProjectId:ManagementKey>" \
  -d '{
  "tenantId": "string",
  "settings": {
    "idpUrl": "string",
    "entityId": "string",
    "idpCert": "string",
    "roleMappings": [
      {
        "groups": [
          "string"
        ],
        "roleName": "string"
      }
    ],
    "attributeMapping": {
      "name": "string",
      "email": "string",
      "group": "string",
      "givenName": "string",
      "middleName": "string",
      "familyName": "string",
      "picture": "string",
      "customAttributes": {
        "property1": "string",
        "property2": "string"
      }
    },
    "spEncryptionKey": "string",
    "spSignKey": "string",
    "subjectNameIdFormat": "string",
    "spACSUrl": "string",
    "spEntityId": "string"
  },
  "redirectUrl": "string",
  "domains": [
    "string"
  ]
}'
Was this helpful?