Retrieve

GET/organizations/{organization_id}/sso-connection

Get SSO connection configuration for organization

Path ParametersExpand Collapse

organization_id: string

Organization ID or label identifier

minLength1

maxLength255

Query ParametersExpand Collapse

expand: optional array of "permissions"

Fields to expand in the response. Currently supports "permissions" to include the permissions field with the caller's permissions for the resource.

Header ParametersExpand Collapse

"X-Client-Request-ID": optional string

formatuuid

ReturnsExpand Collapse

SSOConnection = object { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time

identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: optional SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi

registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi

scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi

Retrieve

curl https://api.keycard.ai/organizations/$ORGANIZATION_ID/sso-connection

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}

Returns Examples

{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}