Enterprise SSO API Reference

These APIs can be called from your backend using your PropelAuth API Key. Click here for more information about Enterprise SSO.


POST /api/backend/v1/org/<orgId>/allow_saml

Allow Org To Setup SAML

Allows an organization to set up SAML SSO. Users in the organization will then be able to go through the SAML setup flow.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.allowOrgToSetupSamlConnection(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)

Successful Response


POST /api/backend/v1/org/<orgId>/disallow_saml

Disallow Org To Setup SAML

Prevents an organization from setting up SAML SSO. If the organization already has SAML set up, it will no longer be able to use it.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.disallowOrgToSetupSamlConnection(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)

Successful Response


POST /api/backend/v1/org/<orgId>/create_saml_connection_link

Creates a link that allows a user to set up SAML for an organization without logging in or creating an account. Visit our SAML/Enterprise SSO docs for more information.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID
  • Name
    expiresInSeconds
    Type
    number
    Description
    The number of seconds before the link expires

Request

auth.createOrgSamlConnectionLink(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492", // orgId
    86400, // expiresInSeconds
)

Successful Response

{
    url: "https://example.com"
}

GET /api/backend/v1/saml_sp_metadata/<orgId>

Fetch SAML SP Metadata

Fetches SAML Service Provider Metadata. This is the information your organizations will input into their IdP when configuring SAML.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The ID of the organization

Request

auth.fetchSamlSpMetadata("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

Successful Response

{
    entityId: "https://auth.your.domain/saml/ORGS-URL-SLUG/metadata",
    acsUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/acs",
    logoutUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/logout"
}

POST /api/backend/v1/saml_idp_metadata

Set SAML IdP Metadata

Sets the SAML metadata from an organization's IdP. Must be completed before using the SAML Go Live endpoint.

Properties

  • Name
    idpEntityId *
    Type
    string
    Description
    The Entity ID (also known as Identity Provider Issuer) from the organization's IdP
  • Name
    idpSsoUrl *
    Type
    string
    Description
    The Single Sign-On URL from the organization's IdP
  • Name
    idpCertificate *
    Type
    string
    Description
    The Base-64 encoded X.509 certificate from the organization's IdP
  • Name
    provider *
    Type
    string
    Description
    The name of the SAML provider. Must equal 'Google', 'Rippling', 'OneLogin', 'JumpCloud', 'Okta', 'Azure', 'Duo', or 'Generic'

Request

auth.setSamlIdpMetadata(orgId, {
    idpEntityId: "https://sts.windows.net/SOME-UUID/",
    idpSsoUrl: "https://login.microsoftonline.com/SOME-UUID/saml2",
    idpCertificate: "-----BEGIN CERTIFICATE-----MyCertificateHere-----END CERTIFICATE-----",
    provider: "Azure"
});
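
A pre-flight check on the fields listed above, run before the payload is passed to `auth.setSamlIdpMetadata`. This is an added example, not part of PropelAuth's documentation or library: `validateIdpMetadata` and `certificateToDer` are hypothetical helper names, and the https-only rule for `idpSsoUrl` is an assumed policy rather than a documented API requirement. The certificate check is structural only and does not verify the issuer or validity dates.

```javascript
// Added example: pre-flight checks on IdP metadata before auth.setSamlIdpMetadata.
const ALLOWED_PROVIDERS = new Set([
    "Google", "Rippling", "OneLogin", "JumpCloud", "Okta", "Azure", "Duo", "Generic",
]);
const REQUIRED_FIELDS = ["idpEntityId", "idpSsoUrl", "idpCertificate", "provider"];

// Decode a PEM-armoured or bare base64 certificate to DER bytes; null if malformed.
function certificateToDer(value) {
    const body = value
        .replace(/-----BEGIN CERTIFICATE-----/, "")
        .replace(/-----END CERTIFICATE-----/, "")
        .replace(/\s+/g, "");
    if (body.length === 0 || body.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) return null;
    const der = Buffer.from(body, "base64");
    // An X.509 certificate is a DER SEQUENCE, so the first byte must be 0x30.
    return der.length > 0 && der[0] === 0x30 ? der : null;
}

// Returns a list of problems; an empty list means the payload passed every check.
function validateIdpMetadata(metadata) {
    const errors = [];
    for (const field of REQUIRED_FIELDS) {
        if (typeof metadata[field] !== "string" || metadata[field].trim() === "") {
            errors.push(`${field} is required`);
        }
    }
    if (errors.length > 0) return errors;

    if (!ALLOWED_PROVIDERS.has(metadata.provider)) {
        errors.push(`provider '${metadata.provider}' is not an accepted value`);
    }
    let ssoUrl = null;
    try { ssoUrl = new URL(metadata.idpSsoUrl); } catch { /* reported below */ }
    if (ssoUrl === null || ssoUrl.protocol !== "https:") {
        errors.push("idpSsoUrl must be an absolute https:// URL (assumed policy)");
    }
    if (certificateToDer(metadata.idpCertificate) === null) {
        errors.push("idpCertificate is not a base64-encoded DER certificate");
    }
    return errors;
}
```

Rejecting a malformed certificate or an unlisted provider at this point keeps a broken connection from reaching the SAML Go Live step.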

Successful Response


POST /api/backend/v1/saml_idp_metadata/go_live/<orgId>

Enable SAML Connection

Sets an organization's SAML status to Live after using the Set SAML IdP Metadata endpoint.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.samlGoLive(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)

Successful Response


DELETE /api/backend/v1/saml_idp_metadata/<orgId>

Delete SAML Connection

Deletes an organization's SAML connection. The organization will still be able to enable SAML.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.deleteSamlConnection("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

Successful Response