Enterprise SSO API Reference
These APIs can be called from your backend using your PropelAuth API Key. Click here more information about Enterprise SSO.
POST/api/backend/v1/org/<orgId>/allow_saml
Allow Org To Setup SAML
Allows an organization to setup SAML SSO. Users in the organization will then be able to go through the SAML setup flow.
Properties
- Name
orgId
*- Type
- string
- Description
- The organization ID
Request
auth.allowOrgToSetupSamlConnection(
"1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)
Successful Response
POST/api/backend/v1/org/<orgId>/disallow_saml
Disallow Org To Setup SAML
Disallows an organization to setup SAML SSO. If the organization already has SAML setup, they will no longer be able to use it.
Properties
- Name
orgId
*- Type
- string
- Description
- The organization ID
Request
auth.disallowOrgToSetupSamlConnection(
"1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)
Successful Response
POST/api/backend/v1/org/<orgId>/create_saml_connection_link
Create SAML Connection Link
Creates a link that allows a user to setup SAML for an organization without logging in or creating an account. Visit our SAML/Enterprise SSO docs for more information.
Properties
- Name
orgId
*- Type
- string
- Description
- The organization ID
- Name
expiresInSeconds
- Type
- number
- Description
- The amount of seconds before the link expires
Request
auth.createOrgSamlConnectionLink(
"1189c444-8a2d-4c41-8b4b-ae43ce79a492", // orgId
86400, // expired in seconds
)
Successful Response
{
url: "https://example.com"
}
GET/api/backend/v1/saml_sp_metadata/<orgId>
Fetch SAML SP Metadata
Fetches SAML Service Provider Metadata. This is the information your organizations will input into their IdP when configuring SAML.
Properties
- Name
orgId
*- Type
- string
- Description
- The ID of the organization
Request
auth.fetchSamlSpMetadata("1189c444-8a2d-4c41-8b4b-ae43ce79a492")
Successful Response
{
entityId: "https://auth.your.domain/saml/ORGS-URL-SLUG/metadata",
acsUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/acs",
logoutUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/logout"
}
POST/api/backend/v1/saml_idp_metadata
Set SAML IdP Metadata
Sets the SAML metadata from an organization's IdP. Must be completed before using the SAML Go Live endpoint.
Properties
- Name
idpEntityId
*- Type
- string
- Description
- The Entity ID (also known as Identity Provider Issuer) from the organization's IdP
- Name
idpSsoUrl
*- Type
- string
- Description
- The Single Sign-On URL from the organization's IdP
- Name
idpCertificate
*- Type
- string
- Description
- The Base-64 encoded X.509 certificate from the organization's IdP
- Name
provider
*- Type
- string
- Description
- The name of the SAML provider. Must equal 'Google', 'Rippling', 'OneLogin', 'JumpCloud', 'Okta', 'Azure', 'Duo', or 'Generic'
Request
auth.setSamlIdpMetadata(orgId, {
idpEntityId: "https://sts.windows.net/SOME-UUID/",
idpSsoUrl: "https://login.microsoftonline.com/SOME-UUID/saml2",
idpCertificate: "-----BEGIN CERTIFICATE-----MyCertificateHere-----END CERTIFICATE-----",
provider: "Azure"
});
Successful Response
POST/api/backend/v1/saml_idp_metadata/go_live/<orgId>
Enable SAML Connection
Sets an organization's SAML status to Live after using the Set SAML IdP Metadata endpoint
Properties
- Name
orgId
*- Type
- string
- Description
- The organization ID
Request
auth.samlGoLive(
"1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)
Successful Response
DELETE/api/backend/v1/saml_idp_metadata/<orgId>
Delete SAML Connection
Deletes an organization's SAML connection. The organization will still be able to enable SAML.
Properties
- Name
orgId
*- Type
- string
- Description
- The organization ID
Request
auth.deleteSamlConnection("1189c444-8a2d-4c41-8b4b-ae43ce79a492")
Successful Response