API Reference

Organizations

SSO Connection

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Enable

organizations.sso_connection.enable(strorganization_id, SSOConnectionEnableParams**kwargs) -> SSOConnection

POST/organizations/{organization_id}/sso-connection

Enable SSO for organization

ParametersExpand Collapse

organization_id: str

Organization ID or label identifier

minLength1

maxLength255

client_id: str

OAuth 2.0 client ID

identifier: str

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

client_secret: Optional[str]

OAuth 2.0 client secret (optional, will be encrypted if provided)

protocols: Optional[SSOConnectionProtocolParam]

Protocol configuration for SSO connection

oauth2: Optional[Oauth2]

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: Optional[str]

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: Optional[List[str]]

Supported PKCE code challenge methods

jwks_uri: Optional[str]

JSON Web Key Set endpoint

formaturi

registration_endpoint: Optional[str]

OAuth 2.0 registration endpoint

formaturi

scopes_supported: Optional[List[str]]

Supported OAuth 2.0 scopes

token_endpoint: Optional[str]

OAuth 2.0 token endpoint

formaturi

openid: Optional[Openid]

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: Optional[str]

OpenID Connect UserInfo endpoint

formaturi

x_client_request_id: Optional[str]

formatuuid

ReturnsExpand Collapse

class SSOConnection: …

SSO connection configuration for an organization

id: str

Unique identifier for the SSO connection

client_id: Optional[str]

OAuth 2.0 client ID

client_secret_set: bool

Whether a client secret is configured

created_at: datetime

The time the entity was created in utc

formatdate-time

identifier: str

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: Optional[SSOConnectionProtocol]

Protocol configuration for SSO connection

oauth2: Optional[Oauth2]

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: Optional[str]

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: Optional[List[str]]

Supported PKCE code challenge methods

jwks_uri: Optional[str]

JSON Web Key Set endpoint

formaturi

registration_endpoint: Optional[str]

OAuth 2.0 registration endpoint

formaturi

scopes_supported: Optional[List[str]]

Supported OAuth 2.0 scopes

token_endpoint: Optional[str]

OAuth 2.0 token endpoint

formaturi

openid: Optional[Openid]

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: Optional[str]

OpenID Connect UserInfo endpoint

formaturi

Enable

Python

HTTP

TypeScript

Python

Go

from keycardai_api import KeycardAPI

client = KeycardAPI()
sso_connection = client.organizations.sso_connection.enable(
    organization_id="x",
    client_id="client_id",
    identifier="x",
)
print(sso_connection.id)

200 example

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}

Returns Examples

200 example

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}