ApiSaml
Authorization
Descope Project ID AuthorizationBearer <token>
Project ID as bearer token.
In: header
Query Parameters
tenant?string
redirectUrl?string
prompt?array<string>
string
test?boolean
forceAuthn?boolean
loginHint?string
initiatedEmail?string
unsavedSaml.enabled?boolean
unsavedSaml.redirectURL?string
unsavedSaml.idpURL?string
unsavedSaml.idpMetadataURL?string
unsavedSaml.idpCert?string
unsavedSaml.entityID?string
unsavedSaml.spCert?string
unsavedSaml.signRequest?boolean
unsavedSaml.samlMappings.name?string
unsavedSaml.samlMappings.email?string
unsavedSaml.samlMappings.username?string
unsavedSaml.samlMappings.phoneNumber?string
unsavedSaml.samlMappings.group?string
unsavedSaml.samlMappings.givenName?string
unsavedSaml.samlMappings.middleName?string
unsavedSaml.samlMappings.familyName?string
unsavedSaml.samlMappings.picture?string
unsavedSaml.samlMappings.verifiedEmail?string
unsavedSaml.samlMappings.verifiedPhone?string
unsavedSaml.useMetaInfoToggle?boolean
unsavedSaml.allowSamlAuthOnly?boolean
unsavedSaml.id?string
unsavedSaml.version?string
unsavedSaml.descopeEntityId?string
unsavedSaml.tenantID?string
unsavedSaml.acsUrl?string
unsavedSaml.mergeUsers?boolean
unsavedSaml.signRequestKey?string
skip 19, was used and removed
unsavedSaml.spEncryptionKey?string
unsavedSaml.signRequestCert?string
unsavedSaml.subjectNameIdFormat?string
unsavedSaml.additional?boolean
unsavedSaml.providerID?string
unsavedSaml.configProviderId?string
The following are purely on project level, and meant for generiting link
unsavedSaml.configTemplateId?string
unsavedSaml.configExpirationTime?integer
Format
int32unsavedSaml.configExpirationTimeUnit?string
unsavedSaml.scimProviderID?string
unsavedSaml.lastSuccessTestTime?integer
Format
int32unsavedSaml.mandatoryUserAttributes?array<string>
string
unsavedSaml.defaultSSORoles?array<string>
string
unsavedSaml.configFGAMappableFeatures.types?array<string>
string
unsavedSaml.configAssumedRoles?array<string>
string
unsavedSaml.configAssumedPermissions?array<string>
string
unsavedSaml.s4StyleId?string
unsavedSaml.s4Features.scimDisabled?boolean
unsavedSaml.s4Features.ssoDomainsDisabled?boolean
unsavedSaml.s4Features.groupMappingDisabled?boolean
unsavedSaml.s4Features.samlDisabled?boolean
unsavedSaml.s4Features.oidcDisabled?boolean
unsavedSaml.s4Features.jitGuideDisabled?boolean
unsavedSaml.lockedTenantId?string
unsavedSaml.s4DisableUserMappingCreate?boolean
unsavedSaml.useTenantLevelS4Configs?boolean
unsavedSaml.forceDomainVerification?boolean
unsavedSaml.configFGATenantIDResourcePrefix?string
unsavedSaml.configFGATenantIDResourceSuffix?string
unsavedSaml.allowDuplicateSSODomainsInOtherTenants?boolean
unsavedSaml.idpCerts?array<string>
string
unsavedSaml.allowOverrideRoles?boolean
unsavedSaml.groupPriorityEnabled?boolean
unsavedSaml.blockIfEmailDomainMismatch?boolean
unsavedSaml.markEmailAsUnverified?boolean
unsavedSaml.s4ShowHelpContact?boolean
unsavedSaml.s4SupportEmail?string
unsavedOauth.enabled?boolean
unsavedOauth.redirectURL?string
unsavedOauth.id?string
unsavedOauth.version?string
unsavedOauth.ssoMergeUsers?boolean
unsavedOauth.additional?boolean
unsavedOauth.mandatoryUserAttributes?array<string>
string
unsavedOauth.lockedTenantId?string
unsavedOauth.allowOverrideRoles?boolean
unsavedOauth.groupPriorityEnabled?boolean
unsavedOauth.blockIfEmailDomainMismatch?boolean
unsavedOauth.markEmailAsUnverified?boolean
Request Body
application/json
stepup?boolean
Default
falsecustomClaims?object
Custom claims to include in the JWT as key-value pairs. Keys must be strings; values can be strings, numbers, or booleans.
Example
{
"claim-name": "claim-value"
}mfa?boolean
Default
falsessoAppId?string
templateOptions?object
locale?string
pkceChallenge?string
relevant only for enchanted links in the point in time - other methods will ignore this field
Format
bytesrevokeOtherSessions?boolean
revokeOtherSessionsTypes?array<string>
string
tenantId?string
Creating SAML redirect URI
curl -X POST "https://api.descope.com/v1/auth/saml/authorize" \ -H "Content-Type: application/json" \ -d '{}'{ "url": "string"}export interface Response {url?: string} Was this helpful?