Skip to content
API Reference
API Reference
Organizations
SSO Connection

Retrieve

GET/organizations/{organization_id}/sso-connection

Get SSO connection configuration for organization

Path ParametersExpand Collapse
organization_id: string

Organization ID or label identifier

minLength1
maxLength255
Query ParametersExpand Collapse
expand: optional array of "permissions" or "total_count"

Fields to expand in the response. Supports "permissions" to include the permissions field with the caller's permissions for the resource. For list organization identities only, "total_count" populates pagination.total_count with the number of identities matching the same filters as the list (excluding cursor and limit). Other operations ignore expand values they do not use.

Accepts one of the following:
"permissions"
"total_count"
Header ParametersExpand Collapse
"X-Client-Request-ID": optional string
formatuuid
ReturnsExpand Collapse
SSOConnection = object { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time
identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1
maxLength2048
updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time
permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: optional SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi
code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi
registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi
scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi
openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi

Retrieve

curl https://api.keycard.ai/organizations/$ORGANIZATION_ID/sso-connection
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}
Returns Examples
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}