API Reference

Organizations

SSO Connection

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Enable

POST/organizations/{organization_id}/sso-connection

Enable SSO for organization

Path ParametersExpand Collapse

organization_id: string

Organization ID or label identifier

minLength1

maxLength255

Header ParametersExpand Collapse

"X-Client-Request-ID": optional string

formatuuid

Body ParametersJSONExpand Collapse

client_id: string

OAuth 2.0 client ID

identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

client_secret: optional string

OAuth 2.0 client secret (optional, will be encrypted if provided)

protocols: optional SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi

registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi

scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi

ReturnsExpand Collapse

SSOConnection = object { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time

identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: optional SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi

registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi

scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi

Enable

HTTP

HTTP

TypeScript

Python

Go

curl https://api.keycard.ai/organizations/$ORGANIZATION_ID/sso-connection \
    -H 'Content-Type: application/json' \
    -d '{
          "client_id": "client_id",
          "identifier": "x"
        }'

200 example

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}

Returns Examples

200 example

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}