Skip to content
API Reference
API Reference
Organizations
SSO Connection

Retrieve

organizations.sso_connection.retrieve(strorganization_id, SSOConnectionRetrieveParams**kwargs) -> SSOConnection
GET/organizations/{organization_id}/sso-connection

Get SSO connection configuration for organization

ParametersExpand Collapse
organization_id: str

Organization ID or label identifier

minLength1
maxLength255
expand: Optional[List[Literal["permissions", "total_count"]]]

Fields to expand in the response. Supports "permissions" to include the permissions field with the caller's permissions for the resource. For list organization identities only, "total_count" populates pagination.total_count with the number of identities matching the same filters as the list (excluding cursor and limit). Other operations ignore expand values they do not use.

Accepts one of the following:
"permissions"
"total_count"
x_client_request_id: Optional[str]
formatuuid
ReturnsExpand Collapse
class SSOConnection:

SSO connection configuration for an organization

id: str

Unique identifier for the SSO connection

client_id: Optional[str]

OAuth 2.0 client ID

client_secret_set: bool

Whether a client secret is configured

created_at: datetime

The time the entity was created in utc

formatdate-time
identifier: str

SSO provider identifier (e.g., issuer URL)

minLength1
maxLength2048
updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time
permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: Optional[SSOConnectionProtocol]

Protocol configuration for SSO connection

oauth2: Optional[Oauth2]

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: Optional[str]

OAuth 2.0 authorization endpoint

formaturi
code_challenge_methods_supported: Optional[List[str]]

Supported PKCE code challenge methods

jwks_uri: Optional[str]

JSON Web Key Set endpoint

formaturi
registration_endpoint: Optional[str]

OAuth 2.0 registration endpoint

formaturi
scopes_supported: Optional[List[str]]

Supported OAuth 2.0 scopes

token_endpoint: Optional[str]

OAuth 2.0 token endpoint

formaturi
openid: Optional[Openid]

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: Optional[str]

OpenID Connect UserInfo endpoint

formaturi

Retrieve

from keycardai_api import KeycardAPI

client = KeycardAPI()
sso_connection = client.organizations.sso_connection.retrieve(
    organization_id="x",
)
print(sso_connection.id)
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}
Returns Examples
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}