API Reference/Management/Tenants/SSO
POST
/v1/mgmt/sso/saml

Authorization

AuthorizationRequiredBearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

application/jsonRequired
tenantIdstring
settingsobject
redirectUrlstring
domainsarray<string>
ssoIdstring
curl -X POST "https://api.descope.com/v1/mgmt/sso/saml" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "string",
    "settings": {
      "idpUrl": "string",
      "entityId": "string",
      "idpCert": "string",
      "roleMappings": [
        {
          "groups": [
            "string"
          ],
          "roleName": "string"
        }
      ],
      "attributeMapping": {
        "name": "string",
        "email": "string",
        "group": "string",
        "givenName": "string",
        "middleName": "string",
        "familyName": "string",
        "picture": "string",
        "customAttributes": {
          "property1": "string",
          "property2": "string"
        }
      },
      "spEncryptionKey": "string",
      "spSignKey": "string",
      "subjectNameIdFormat": "string",
      "spACSUrl": "string",
      "spEntityId": "string",
      "defaultSSORoles": [
        "string"
      ],
      "fgaMappings": {
        "property1": {
          "relations": [
            {
              "resource": "string",
              "relationDefinition": "string",
              "namespace": "string"
            }
          ]
        },
        "property2": {
          "relations": [
            {
              "resource": "string",
              "relationDefinition": "string",
              "namespace": "string"
            }
          ]
        }
      }
    },
    "redirectUrl": "string",
    "domains": [
      "string"
    ],
    "ssoId": "string"
  }'

OK

Was this helpful?

Get Tenant's SAML/OIDC Settings GET

### Get the current SAML/OIDC configuration settings of a tenant, using a valid management key. This API endpoint allows you to get the current SAML/OIDC configuration settings of a tenant. ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Set Tenant's SAML Settings via Metadata URL POST

### Configure the SAML Metadata URL, using a valid management key. This API endpoint will configure the SAML Metadata URL on a tenant utilizing a valid management key. This API endpoint accepts idpMetadataURL which will be applied to the tenant under SSO Configuration section and will select the option to "Retrieve the connection details dynamically using a metadata URL" This endpoint also accepts the attribute mapping you would like to be configured on the SAML settings. This Metadata URL can can be obtained from the admin console of the identity provider. Configuring SAML via Metadata URL allows administrators to configure SAML without applying these setting manually via [Configure SAML Settings](/api/management/tenants/sso/configure-sso-saml-settings) ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`