Skip to content
Docs
SSO Connection
Enable

Enable

API Reference
Organizations
SSO Connection

Enable

client.organizations.ssoConnection.enable(stringorganizationID, SSOConnectionEnableParams { client_id, identifier, client_secret, 2 more } params, RequestOptionsoptions?): SSOConnection { id, client_id, client_secret_set, 5 more }
POST/organizations/{organization_id}/sso-connection

Enable SSO for organization

ParametersExpand Collapse
organizationID: string

Organization ID or label identifier

minLength1
maxLength255
params: SSOConnectionEnableParams { client_id, identifier, client_secret, 2 more }
client_id: string

Body param: OAuth 2.0 client ID

identifier: string

Body param: SSO provider identifier (e.g., issuer URL)

minLength1
maxLength2048
client_secret?: string

Body param: OAuth 2.0 client secret (optional, will be encrypted if provided)

protocols?: SSOConnectionProtocol { oauth2, openid } | null

Body param: Protocol configuration for SSO connection

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint?: string | null

OAuth 2.0 authorization endpoint

formaturi
code_challenge_methods_supported?: Array<string> | null

Supported PKCE code challenge methods

jwks_uri?: string | null

JSON Web Key Set endpoint

formaturi
registration_endpoint?: string | null

OAuth 2.0 registration endpoint

formaturi
scopes_supported?: Array<string> | null

Supported OAuth 2.0 scopes

token_endpoint?: string | null

OAuth 2.0 token endpoint

formaturi
openid?: Openid | null

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint?: string | null

OpenID Connect UserInfo endpoint

formaturi
xClientRequestID?: string

Header param: Unique request identifier specified by the originating caller and passed along by proxies.

formatuuid
ReturnsExpand Collapse
SSOConnection { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string | null

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time
identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1
maxLength2048
updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time
permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols?: SSOConnectionProtocol { oauth2, openid } | null

Protocol configuration for SSO connection

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint?: string | null

OAuth 2.0 authorization endpoint

formaturi
code_challenge_methods_supported?: Array<string> | null

Supported PKCE code challenge methods

jwks_uri?: string | null

JSON Web Key Set endpoint

formaturi
registration_endpoint?: string | null

OAuth 2.0 registration endpoint

formaturi
scopes_supported?: Array<string> | null

Supported OAuth 2.0 scopes

token_endpoint?: string | null

OAuth 2.0 token endpoint

formaturi
openid?: Openid | null

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint?: string | null

OpenID Connect UserInfo endpoint

formaturi

Enable

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const ssoConnection = await client.organizations.ssoConnection.enable('x', {
  client_id: 'client_id',
  identifier: 'x',
});

console.log(ssoConnection.id);
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}
Returns Examples
{
  "id": "id",
  "client_id": "client_id",
  "client_secret_set": true,
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  },
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  }
}