`POST /v1/mgmt/sso/saml/metadata`

Authorization

`Authorization` (required): Bearer `<token>`

`<Project ID>:<Management Key>` as bearer

In: header

Request Body

`application/json` (required)

- `tenantId` (string)
- `settings` (object)
- `redirectUrl` (string)
- `domains` (array<string>)
- `ssoId` (string)

```bash
curl -X POST "https://api.descope.com/v1/mgmt/sso/saml/metadata" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "string",
    "settings": {
      "idpMetadataUrl": "string",
      "roleMappings": [
        {
          "groups": [
            "string"
          ],
          "roleName": "string"
        }
      ],
      "attributeMapping": {
        "name": "string",
        "email": "string",
        "group": "string",
        "givenName": "string",
        "middleName": "string",
        "familyName": "string",
        "picture": "string",
        "customAttributes": {
          "property1": "string",
          "property2": "string"
        }
      },
      "spEncryptionKey": "string",
      "spSignKey": "string",
      "subjectNameIdFormat": "string",
      "spACSUrl": "string",
      "spEntityId": "string",
      "defaultSSORoles": [
        "string"
      ],
      "fgaMappings": {
        "property1": {
          "relations": [
            {
              "resource": "string",
              "relationDefinition": "string",
              "namespace": "string"
            }
          ]
        },
        "property2": {
          "relations": [
            {
              "resource": "string",
              "relationDefinition": "string",
              "namespace": "string"
            }
          ]
        }
      }
    },
    "redirectUrl": "string",
    "domains": [
      "string"
    ],
    "ssoId": "string"
  }'
```

OK
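
A pre-flight check for the request body above, as an added example that is not Descope's code: it lints the body before the management key is attached and the request is sent. The function names, the sample tenant and URLs, and the checks themselves are assumptions (a local policy, not the server's validation rules).

```python
import json
from urllib.parse import urlparse

API_URL = "https://api.descope.com/v1/mgmt/sso/saml/metadata"  # endpoint from this page

def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.hostname)

def lint_body(body):
    """Local policy checks (assumptions, not Descope's server-side validation)."""
    findings = []
    settings = body.get("settings") or {}
    if not body.get("tenantId"):
        findings.append("tenantId is empty")
    # SAML metadata carries the IdP signing certificate, so fetch it over TLS only.
    if not is_https(settings.get("idpMetadataUrl")):
        findings.append("settings.idpMetadataUrl is not an https URL")
    if body.get("redirectUrl") and not is_https(body["redirectUrl"]):
        findings.append("redirectUrl is not an https URL")
    for i, mapping in enumerate(settings.get("roleMappings") or []):
        if not mapping.get("roleName"):
            findings.append(f"settings.roleMappings[{i}] has no roleName")
        if not [g for g in mapping.get("groups") or [] if g.strip()]:
            findings.append(f"settings.roleMappings[{i}] has no groups")
    for domain in body.get("domains") or []:  # assumed to be bare DNS names
        if any(c in domain for c in "*/@ ") or "." not in domain:
            findings.append(f"domains entry {domain!r} is not a bare domain")
    return findings

def build_request(body, project_id, management_key):
    """Return (url, headers, data) for the POST, or raise if the lint fails."""
    findings = lint_body(body)
    if findings:
        raise ValueError("; ".join(findings))
    headers = {"Authorization": f"Bearer {project_id}:{management_key}",
               "Content-Type": "application/json"}
    return API_URL, headers, json.dumps(body).encode()

# Constructed sample bodies: a weak one and its corrected form.
WEAK = {"tenantId": "T-example",
        "settings": {"idpMetadataUrl": "http://idp.example.com/metadata",
                     "roleMappings": [{"groups": [], "roleName": "Tenant Admin"}]},
        "redirectUrl": "http://app.example.com/sso/done",
        "domains": ["*.example.com"]}
GOOD = {"tenantId": "T-example",
        "settings": {"idpMetadataUrl": "https://idp.example.com/metadata",
                     "roleMappings": [{"groups": ["idp-admins"], "roleName": "Tenant Admin"}]},
        "redirectUrl": "https://app.example.com/sso/done",
        "domains": ["example.com"]}
```

Pass the project ID and management key to `build_request` from a secret store or environment variable rather than writing them into the script.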


Set Tenant's SAML Settings POST

### Configure the SAML Settings, using a valid management key.

This API endpoint will configure the SAML settings on a tenant utilizing a valid management key.

This API endpoint accepts idpURL, entityId, idpCert, and redirectURL, which will be applied to the tenant under the SSO Configuration section and will select the option to "Enter the connection details manually". This endpoint also accepts the attribute mapping you would like to be configured on the SAML settings.

These configurations will need to be captured directly from your identity provider (IdP). The values for each field can be obtained from the admin console of the identity provider.

Alternatively, administrators can configure SAML without applying these settings manually via [Configure SAML Metadata URL](/api/management/tenants/sso/configure-sso-saml-settings-by-metadata).

### See also

- See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant.

### Endpoint Authentication

Use the authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Set Tenant's OIDC Settings POST

### Configure the OIDC settings of a tenant, using a valid management key.

This API endpoint will configure the OIDC settings on a tenant utilizing a valid management key.

This endpoint accepts the OIDC configuration settings as well as the attribute mapping you would like to be configured on the SAML settings.

### See also

- See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant.

### Endpoint Authentication

Use the authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`