Authorization
Descope Project ID and Management Key AuthorizationBearer <token>
Project ID:Management Key as bearer token.
In: header
Query Parameters
tenantId?string
Load all SSO Settings for a tenant, using a valid management key.
curl -X GET "https://api.descope.com/v2/mgmt/sso/settings/all"{ "SSOSettings": [ { "tenant": { "id": "string", "name": "string", "selfProvisioningDomains": [ "string" ], "customAttributes": { "attribute-key": "attribute-value" }, "authType": "string", "domains": [ "string" ], "createdTime": 0, "disabled": true, "enforceSSO": true, "enforceSSOExclusions": [ "string" ], "federatedAppIds": [ "string" ], "parent": "string", "successors": [ "string" ], "defaultRoles": [ "string" ], "roleInheritance": "string" }, "saml": { "idpEntityId": "string", "idpSSOUrl": "string", "idpCertificate": "string", "idpMetadataUrl": "string", "spEntityId": "string", "spACSUrl": "string", "spCertificate": "string", "attributeMapping": { "name": "string", "email": "string", "username": "string", "group": "string", "givenName": "string", "middleName": "string", "familyName": "string", "picture": "string", "customAttributes": { "property1": "string", "property2": "string" }, "verifiedEmail": "string", "verifiedPhone": "string" }, "groupsMapping": [ { "role": { "id": "string", "name": "string" }, "groups": [ "string" ] } ], "redirectUrl": "string", "spSignCertificate": "string", "subjectNameIdFormat": "string", "defaultSSORoles": [ "string" ], "fgaMappings": { "property1": { "relations": [ { "resource": "string", "relationDefinition": "string", "namespace": "string" } ] }, "property2": { "relations": [ { "resource": "string", "relationDefinition": "string", "namespace": "string" } ] } }, "providerID": "string", "scimProviderID": "string", "configFGATenantIDResourcePrefix": "string", "configFGATenantIDResourceSuffix": "string", "idpAdditionalCertificates": [ "string" ], "groupsPriority": [ "string" ] }, "oidc": { "name": "string", "clientId": "string", "clientSecret": "string", "redirectUrl": "string", "authUrl": "string", "tokenUrl": "string", "userDataUrl": "string", "scope": [ "string" ], "JWKsUrl": "string", "userAttrMapping": { "loginId": "string", "username": "string", "name": "string", "email": "string", "verifiedEmail": "string", "verifiedPhone": "string", "picture": "string", "givenName": "string", "middleName": "string", "familyName": "string", "customAttributes": { "property1": "string", "property2": "string" }, "group": "string" }, "manageProviderTokens": true, "callbackDomain": "string", "prompt": [ "string" ], "grantType": "string", "issuer": "string", "groupsMapping": [ { "role": { "id": "string", "name": "string" }, "groups": [ "string" ] } ], "defaultSSORoles": [ "string" ], "fgaMappings": { "property1": { "relations": [ { "resource": "string", "relationDefinition": "string", "namespace": "string" } ] }, "property2": { "relations": [ { "resource": "string", "relationDefinition": "string", "namespace": "string" } ] } }, "roleMappings": [ { "groups": [ "string" ], "roleName": "string" } ], "providerID": "string", "scimProviderID": "string", "groupsPriority": [ "string" ] }, "ssoId": "string" } ]}export interface Response {SSOSettings?: {tenant?: {id?: stringname?: stringselfProvisioningDomains?: string[]/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}authType?: stringdomains?: string[]createdTime?: numberdisabled?: booleanenforceSSO?: booleanenforceSSOExclusions?: string[]federatedAppIds?: string[]parent?: stringsuccessors?: string[]defaultRoles?: string[]roleInheritance?: string}saml?: SamlSettingsResponseoidc?: {name?: stringclientId?: stringclientSecret?: stringredirectUrl?: stringauthUrl?: stringtokenUrl?: stringuserDataUrl?: stringscope?: string[]JWKsUrl?: stringuserAttrMapping?: OAuthUserDataClaimsMappingmanageProviderTokens?: booleancallbackDomain?: stringprompt?: string[]grantType?: stringissuer?: stringgroupsMapping?: {role?: RoleItemgroups?: string[]}[]defaultSSORoles?: string[]fgaMappings?: {[k: string]: {relations?: ReBACGroupsMappingRelation[]}}roleMappings?: {groups?: string[]roleName?: string}[]providerID?: stringscimProviderID?: stringgroupsPriority?: string[]}ssoId?: string}[]}export interface SamlSettingsResponse {idpEntityId?: stringidpSSOUrl?: stringidpCertificate?: stringidpMetadataUrl?: stringspEntityId?: stringspACSUrl?: stringspCertificate?: stringattributeMapping?: {name?: stringemail?: stringusername?: stringgroup?: stringgivenName?: stringmiddleName?: stringfamilyName?: stringpicture?: stringcustomAttributes?: {[k: string]: string}verifiedEmail?: stringverifiedPhone?: string}groupsMapping?: {role?: RoleItemgroups?: string[]}[]redirectUrl?: stringspSignCertificate?: stringsubjectNameIdFormat?: stringdefaultSSORoles?: string[]fgaMappings?: {[k: string]: {relations?: ReBACGroupsMappingRelation[]}}providerID?: stringscimProviderID?: stringconfigFGATenantIDResourcePrefix?: stringconfigFGATenantIDResourceSuffix?: stringidpAdditionalCertificates?: string[]groupsPriority?: string[]}export interface RoleItem {id?: stringname?: string}export interface ReBACGroupsMappingRelation {/** * Resource identifier of the relation */resource?: string/** * The name of the relation definition */relationDefinition?: string/** * The namespace of the relation definition */namespace?: string}/** * Note that this is used both in SSO settings and in OAuth settings import/export, * make sure not to change any fields which might break backwards compatibility with * existing exported project data */export interface OAuthUserDataClaimsMapping {loginId?: stringusername?: stringname?: stringemail?: stringverifiedEmail?: stringverifiedPhone?: stringpicture?: stringgivenName?: stringmiddleName?: stringfamilyName?: stringcustomAttributes?: {[k: string]: string}group?: string} Was this helpful?
Delete Tenant's SAML/OIDC Settings DELETE
### Delete the current SAML/OIDC configuration settings of a tenant, using a valid management key. This API endpoint allows you to delete the current SAML/OIDC configuration settings of a tenant. Use this with caution as this endpoint deletes the configuration and is irreversible. ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant.
Configure SSO Settings POST
Configure tenant SSO Redirect URL, using a valid management key.