# SSO Connections Object

> Source: https://truto.one/docs/api-reference/admin/sso-connections/

Schema for the `SSO Connections` resource in **Admin API**.

## Properties

- **`id`** _(string)_
  The ID of the SSO connection.
- **`team_id`** _(string)_
  The ID of the team that owns this SSO connection.
- **`protocol`** _(string)_
  The SSO protocol used by this connection.
  Allowed: `saml`, `oidc`
- **`is_active`** _(boolean)_
  Whether this SSO connection is active.
- **`enforced`** _(boolean)_
  Whether SSO login is enforced for users on the connection's verified domains.
- **`is_default`** _(boolean)_
  Whether this is the team's default SSO connection.
- **`config`** _(object)_
  Non-secret protocol settings. Secret values (the OIDC client secret and SAML SP keys) are never returned.
  - **`idp_entity_id`** _(string)_
    SAML IdP entity ID.
  - **`idp_sso_url`** _(string)_
    SAML IdP single sign-on URL.
  - **`idp_x509_cert`** _(string)_
    SAML IdP X.509 signing certificate (PEM).
  - **`issuer`** _(string)_
    OIDC issuer URL.
  - **`client_id`** _(string)_
    OIDC relying-party client ID.
  - **`discovery_url`** _(string)_
    OIDC discovery document URL.
  - **`sign_authn_requests`** _(boolean)_
    SAML only — sign SP-initiated AuthnRequests with the SP key (HTTP-Redirect binding).
  - **`allow_idp_initiated`** _(boolean)_
    SAML only — accept unsolicited (IdP-initiated) responses at the ACS. Defaults to false (unsolicited responses rejected) when omitted.
- **`default_role`** _(string)_
  The role assigned to users provisioned through this connection.
- **`default_environment_ids`** _(array<string>)_
  Environment IDs that provisioned users are granted access to by default.
- **`created_at`** _(string)_
  The date and time when the SSO connection was created.
- **`updated_at`** _(string)_
  The date and time when the SSO connection was last updated.

## Methods

- [GET /sso-connection/{id}/domains](/docs/api-reference/admin/sso-connections/list) — List SSO connection domains
- [POST /sso-connection/{id}/domains](/docs/api-reference/admin/sso-connections/create) — Add SSO connection domain
- [GET /sso-connection/{id}](/docs/api-reference/admin/sso-connections/get) — Get SSO connection
- [PATCH /sso-connection/{id}](/docs/api-reference/admin/sso-connections/update) — Update SSO connection
- [DELETE /sso-connection/{id}/domains/{domain}](/docs/api-reference/admin/sso-connections/delete) — Remove SSO connection domain
- [POST /sso-connection/{id}/domains/{domain}/verify](/docs/api-reference/admin/sso-connections/verify) — Verify SSO connection domain