Enterprise SSO
Configure SSO
Create or update the SSO configuration for an organisation. Supports SAML 2.0 and OIDC federation.
PUT
/
api
/
v1
/
auth
/
sso
/
{orgId}
/
config
Configure SSO
curl --request PUT \
--url https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"protocol": {},
"enabled": true,
"samlIdpEntityId": "<string>",
"samlIdpSsoUrl": "<string>",
"samlIdpCertificate": "<string>",
"samlSignRequests": true,
"attributeMapping": {},
"enforcedDomains": [
"<string>"
],
"jitProvisioningEnabled": true,
"defaultRoles": [
"<string>"
],
"oidcIssuer": "<string>",
"oidcClientId": "<string>",
"oidcClientSecret": "<string>",
"oidcScopes": "<string>"
}
'import requests
url = "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"
payload = {
"protocol": {},
"enabled": True,
"samlIdpEntityId": "<string>",
"samlIdpSsoUrl": "<string>",
"samlIdpCertificate": "<string>",
"samlSignRequests": True,
"attributeMapping": {},
"enforcedDomains": ["<string>"],
"jitProvisioningEnabled": True,
"defaultRoles": ["<string>"],
"oidcIssuer": "<string>",
"oidcClientId": "<string>",
"oidcClientSecret": "<string>",
"oidcScopes": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.put(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PUT',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
protocol: {},
enabled: true,
samlIdpEntityId: '<string>',
samlIdpSsoUrl: '<string>',
samlIdpCertificate: '<string>',
samlSignRequests: true,
attributeMapping: {},
enforcedDomains: ['<string>'],
jitProvisioningEnabled: true,
defaultRoles: ['<string>'],
oidcIssuer: '<string>',
oidcClientId: '<string>',
oidcClientSecret: '<string>',
oidcScopes: '<string>'
})
};
fetch('https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'protocol' => [
],
'enabled' => true,
'samlIdpEntityId' => '<string>',
'samlIdpSsoUrl' => '<string>',
'samlIdpCertificate' => '<string>',
'samlSignRequests' => true,
'attributeMapping' => [
],
'enforcedDomains' => [
'<string>'
],
'jitProvisioningEnabled' => true,
'defaultRoles' => [
'<string>'
],
'oidcIssuer' => '<string>',
'oidcClientId' => '<string>',
'oidcClientSecret' => '<string>',
'oidcScopes' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"
payload := strings.NewReader("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")
req, _ := http.NewRequest("PUT", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.put("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"message": "<string>"
}Your Organisation UUID.
SSO protocol to configure.
Enable or disable SSO. Default
false.IdP Entity ID from the IdP metadata (e.g.
https://sts.windows.net/{tenant-id}/).IdP SSO URL from the app’s SAML settings (e.g.
https://login.microsoftonline.com/{tenant}/saml2).Base64-encoded X.509 certificate from the IdP (no PEM headers). Download from your IdP’s SAML signing certificate.
Sign outgoing AuthnRequests with the SP private key. Default
false.Map IdP attribute URIs to VG fields. Example:
{"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}Email domains that must authenticate via SSO. Example:
["apollo.com", "apollogroup.io"]Auto-create user accounts on first SSO login. Default
true.Roles assigned to JIT-provisioned users. Default
["member"].External OIDC IdP issuer URL (e.g.
https://login.microsoftonline.com/{tenant}/v2.0).Client ID registered with the external IdP.
Client secret (write-only — never returned).
Space-separated scopes. Default
openid profile email.SSO configuration savedPrevious
Get SSO ConfigurationReturns the current SSO configuration for an organisation. Secrets (private keys, client secrets) are never returned.
Next
⌘I
Configure SSO
curl --request PUT \
--url https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"protocol": {},
"enabled": true,
"samlIdpEntityId": "<string>",
"samlIdpSsoUrl": "<string>",
"samlIdpCertificate": "<string>",
"samlSignRequests": true,
"attributeMapping": {},
"enforcedDomains": [
"<string>"
],
"jitProvisioningEnabled": true,
"defaultRoles": [
"<string>"
],
"oidcIssuer": "<string>",
"oidcClientId": "<string>",
"oidcClientSecret": "<string>",
"oidcScopes": "<string>"
}
'import requests
url = "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"
payload = {
"protocol": {},
"enabled": True,
"samlIdpEntityId": "<string>",
"samlIdpSsoUrl": "<string>",
"samlIdpCertificate": "<string>",
"samlSignRequests": True,
"attributeMapping": {},
"enforcedDomains": ["<string>"],
"jitProvisioningEnabled": True,
"defaultRoles": ["<string>"],
"oidcIssuer": "<string>",
"oidcClientId": "<string>",
"oidcClientSecret": "<string>",
"oidcScopes": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.put(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PUT',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
protocol: {},
enabled: true,
samlIdpEntityId: '<string>',
samlIdpSsoUrl: '<string>',
samlIdpCertificate: '<string>',
samlSignRequests: true,
attributeMapping: {},
enforcedDomains: ['<string>'],
jitProvisioningEnabled: true,
defaultRoles: ['<string>'],
oidcIssuer: '<string>',
oidcClientId: '<string>',
oidcClientSecret: '<string>',
oidcScopes: '<string>'
})
};
fetch('https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'protocol' => [
],
'enabled' => true,
'samlIdpEntityId' => '<string>',
'samlIdpSsoUrl' => '<string>',
'samlIdpCertificate' => '<string>',
'samlSignRequests' => true,
'attributeMapping' => [
],
'enforcedDomains' => [
'<string>'
],
'jitProvisioningEnabled' => true,
'defaultRoles' => [
'<string>'
],
'oidcIssuer' => '<string>',
'oidcClientId' => '<string>',
'oidcClientSecret' => '<string>',
'oidcScopes' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"
payload := strings.NewReader("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")
req, _ := http.NewRequest("PUT", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.put("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"message": "<string>"
}