POST /v1/sso/connections
Create SSO Connection
curl --request POST \
  --url https://grantex-auth-dd4mtrt2gq-uc.a.run.app/v1/sso/connections \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "protocol": "oidc",
  "issuerUrl": "<string>",
  "clientId": "<string>",
  "clientSecret": "<string>",
  "idpEntityId": "<string>",
  "idpSsoUrl": "<string>",
  "idpCertificate": "<string>",
  "spEntityId": "<string>",
  "spAcsUrl": "<string>",
  "domains": [
    "<string>"
  ],
  "jitProvisioning": false,
  "enforce": false,
  "groupAttribute": "<string>",
  "groupMappings": {},
  "defaultScopes": [
    "<string>"
  ]
}
'
{
  "id": "<string>",
  "developerId": "<string>",
  "name": "<string>",
  "protocol": "oidc",
  "issuerUrl": "<string>",
  "clientId": "<string>",
  "idpEntityId": "<string>",
  "idpSsoUrl": "<string>",
  "spEntityId": "<string>",
  "spAcsUrl": "<string>",
  "domains": [
    "<string>"
  ],
  "jitProvisioning": true,
  "enforce": true,
  "groupAttribute": "<string>",
  "groupMappings": {},
  "defaultScopes": [
    "<string>"
  ],
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Developer API key

Body

application/json
name
string
required

Human-readable connection name

protocol
enum<string>
required

SSO protocol

Available options: oidc, saml

issuerUrl
string<uri>

OIDC issuer URL (required for OIDC)

clientId
string

OIDC client ID (required for OIDC)

clientSecret
string

OIDC client secret (required for OIDC)

idpEntityId
string

SAML IdP entity ID (required for SAML)

idpSsoUrl
string<uri>

SAML IdP SSO URL (required for SAML)

idpCertificate
string

SAML IdP X.509 certificate PEM (required for SAML)

spEntityId
string

SAML SP entity ID

spAcsUrl
string<uri>

SAML SP Assertion Consumer Service URL

domains
string[]

Email domains to route to this connection

jitProvisioning
boolean
default:false

Enable just-in-time user provisioning

enforce
boolean
default:false

Enforce SSO for this connection

groupAttribute
string

OIDC claim or SAML attribute containing group names

groupMappings
object

Map of IdP group names to Grantex scope arrays

defaultScopes
string[]

Fallback scopes when no groups match
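
A pre-flight check for the request body, as an added example that is not part of the Grantex documentation or SDK: it applies the per-protocol required fields listed above before the POST is sent. The https-only rule, the domain and PEM checks, and the sample values (including the scope name) are assumptions made here.

```python
from urllib.parse import urlparse

# Required fields per protocol, taken from the field descriptions on this page.
REQUIRED = {
    "oidc": ("issuerUrl", "clientId", "clientSecret"),
    "saml": ("idpEntityId", "idpSsoUrl", "idpCertificate"),
}
URI_FIELDS = ("issuerUrl", "idpSsoUrl", "spAcsUrl")  # documented as string<uri>

# Constructed sample: a SAML body with several mistakes (values are made up).
SAMPLE = {
    "name": "Example IdP",
    "protocol": "saml",
    "idpEntityId": "https://idp.example.com/metadata",
    "idpSsoUrl": "http://idp.example.com/sso",
    "domains": ["example.com", "user@example.com"],
    "groupMappings": {"admins": "agents:write"},
}


def validate_connection(body):
    """Return a list of problems found in a Create SSO Connection body."""
    errors = []
    if not body.get("name"):
        errors.append("name is required")
    protocol = body.get("protocol")
    if protocol not in REQUIRED:
        return errors + ["protocol must be 'oidc' or 'saml'"]
    for field in REQUIRED[protocol]:
        if not body.get(field):
            errors.append(f"{field} is required for {protocol}")
    # Assumption (local policy, not stated by the API): endpoints must be https.
    for field in URI_FIELDS:
        url = urlparse(str(body.get(field) or ""))
        if body.get(field) and (url.scheme != "https" or not url.netloc):
            errors.append(f"{field} must be an absolute https URL")
    if (cert := body.get("idpCertificate")) and "-----BEGIN CERTIFICATE-----" not in cert:
        errors.append("idpCertificate must be PEM encoded")
    for domain in body.get("domains", []):
        if "@" in domain or "." not in domain:
            errors.append(f"domains entry {domain!r} is not a bare email domain")
    for group, scopes in body.get("groupMappings", {}).items():
        if not isinstance(scopes, list) or not all(isinstance(s, str) for s in scopes):
            errors.append(f"groupMappings[{group!r}] must be an array of scope strings")
    return errors


if __name__ == "__main__":
    print("\n".join(validate_connection(SAMPLE)))
```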

Response

SSO connection created

id
string

SSO connection ID

developerId
string

name
string

protocol
enum<string>

Available options: oidc, saml

issuerUrl
string

clientId
string

idpEntityId
string

idpSsoUrl
string

spEntityId
string

spAcsUrl
string

domains
string[]

jitProvisioning
boolean

enforce
boolean

groupAttribute
string

groupMappings
object

defaultScopes
string[]

createdAt
string<date-time>

updatedAt
string<date-time>