Skip to main content
PUT
/
api
/
v1
/
auth
/
sso
/
{orgId}
/
config
Configure SSO
curl --request PUT \
  --url https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "protocol": {},
  "enabled": true,
  "samlIdpEntityId": "<string>",
  "samlIdpSsoUrl": "<string>",
  "samlIdpCertificate": "<string>",
  "samlSignRequests": true,
  "attributeMapping": {},
  "enforcedDomains": [
    "<string>"
  ],
  "jitProvisioningEnabled": true,
  "defaultRoles": [
    "<string>"
  ],
  "oidcIssuer": "<string>",
  "oidcClientId": "<string>",
  "oidcClientSecret": "<string>",
  "oidcScopes": "<string>"
}
'
import requests

url = "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"

payload = {
"protocol": {},
"enabled": True,
"samlIdpEntityId": "<string>",
"samlIdpSsoUrl": "<string>",
"samlIdpCertificate": "<string>",
"samlSignRequests": True,
"attributeMapping": {},
"enforcedDomains": ["<string>"],
"jitProvisioningEnabled": True,
"defaultRoles": ["<string>"],
"oidcIssuer": "<string>",
"oidcClientId": "<string>",
"oidcClientSecret": "<string>",
"oidcScopes": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.put(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'PUT',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
protocol: {},
enabled: true,
samlIdpEntityId: '<string>',
samlIdpSsoUrl: '<string>',
samlIdpCertificate: '<string>',
samlSignRequests: true,
attributeMapping: {},
enforcedDomains: ['<string>'],
jitProvisioningEnabled: true,
defaultRoles: ['<string>'],
oidcIssuer: '<string>',
oidcClientId: '<string>',
oidcClientSecret: '<string>',
oidcScopes: '<string>'
})
};

fetch('https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'protocol' => [

],
'enabled' => true,
'samlIdpEntityId' => '<string>',
'samlIdpSsoUrl' => '<string>',
'samlIdpCertificate' => '<string>',
'samlSignRequests' => true,
'attributeMapping' => [

],
'enforcedDomains' => [
'<string>'
],
'jitProvisioningEnabled' => true,
'defaultRoles' => [
'<string>'
],
'oidcIssuer' => '<string>',
'oidcClientId' => '<string>',
'oidcClientSecret' => '<string>',
'oidcScopes' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config"

payload := strings.NewReader("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")

req, _ := http.NewRequest("PUT", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.put("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://uat.gateway.verify-group.io/api/v1/auth/sso/{orgId}/config")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"protocol\": {},\n \"enabled\": true,\n \"samlIdpEntityId\": \"<string>\",\n \"samlIdpSsoUrl\": \"<string>\",\n \"samlIdpCertificate\": \"<string>\",\n \"samlSignRequests\": true,\n \"attributeMapping\": {},\n \"enforcedDomains\": [\n \"<string>\"\n ],\n \"jitProvisioningEnabled\": true,\n \"defaultRoles\": [\n \"<string>\"\n ],\n \"oidcIssuer\": \"<string>\",\n \"oidcClientId\": \"<string>\",\n \"oidcClientSecret\": \"<string>\",\n \"oidcScopes\": \"<string>\"\n}"

response = http.request(request)
puts response.read_body
{
  "message": "<string>"
}
orgId
string
required
Your Organisation UUID.
protocol
saml | oidc
required
SSO protocol to configure.
enabled
boolean
Enable or disable SSO. Default false.
SAML-specific fields:
samlIdpEntityId
string
IdP Entity ID from the IdP metadata (e.g. https://sts.windows.net/{tenant-id}/).
samlIdpSsoUrl
string
IdP SSO URL from the app’s SAML settings (e.g. https://login.microsoftonline.com/{tenant}/saml2).
samlIdpCertificate
string
Base64-encoded X.509 certificate from the IdP (no PEM headers). Download from your IdP’s SAML signing certificate.
samlSignRequests
boolean
Sign outgoing AuthnRequests with the SP private key. Default false.
attributeMapping
object
Map IdP attribute URIs to VG fields. Example: {"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}
enforcedDomains
string[]
Email domains that must authenticate via SSO. Example: ["apollo.com", "apollogroup.io"]
jitProvisioningEnabled
boolean
Auto-create user accounts on first SSO login. Default true.
defaultRoles
string[]
Roles assigned to JIT-provisioned users. Default ["member"].
OIDC federation fields:
oidcIssuer
string
External OIDC IdP issuer URL (e.g. https://login.microsoftonline.com/{tenant}/v2.0).
oidcClientId
string
Client ID registered with the external IdP.
oidcClientSecret
string
Client secret (write-only — never returned).
oidcScopes
string
Space-separated scopes. Default openid profile email.
message
string
SSO configuration saved