Update SSO connection
/sso-connection/{id}
Path Parameters
The ID of the SSO connection you want to update.
1ba1f401-7183-47c5-9e39-e8e257e3c795Request Body
The OIDC relying-party client secret. Write-only — encrypted at rest and never returned.
rp-secret-valueNon-secret protocol settings. Deep-merged onto the existing config.
SAML only — accept unsolicited (IdP-initiated) responses at the ACS. Defaults to false (unsolicited responses rejected) when omitted.
falseOIDC relying-party client ID.
truto-clientOIDC discovery document URL.
https://accounts.example.com/.well-known/openid-configurationSAML IdP entity ID.
https://idp.example.com/metadataSAML only — IdP metadata XML. When provided, the server parses it to populate idp_entity_id, idp_sso_url, and idp_x509_cert, then discards the raw XML (never stored or returned).
SAML IdP single sign-on URL.
https://idp.example.com/ssoSAML IdP X.509 signing certificate (PEM).
OIDC issuer URL.
https://accounts.example.comSAML only — sign SP-initiated AuthnRequests with the SP key (HTTP-Redirect binding).
falseEnvironment IDs that provisioned users are granted access to by default.
The role assigned to users provisioned through this connection.
memberWhether SSO login is enforced for the connection's verified domains.
falseWhether the connection is active.
trueWhether this is the team's default SSO connection.
falseThe SSO protocol for this connection.
samlsamloidc
Response Body
Non-secret protocol settings. Secret values (the OIDC client secret and SAML SP keys) are never returned.
SAML only — accept unsolicited (IdP-initiated) responses at the ACS. Defaults to false (unsolicited responses rejected) when omitted.
falseOIDC relying-party client ID.
truto-clientOIDC discovery document URL.
https://accounts.example.com/.well-known/openid-configurationSAML IdP entity ID.
https://idp.example.com/metadataSAML IdP single sign-on URL.
https://idp.example.com/ssoSAML IdP X.509 signing certificate (PEM).
OIDC issuer URL.
https://accounts.example.comSAML only — sign SP-initiated AuthnRequests with the SP key (HTTP-Redirect binding).
falseThe date and time when the SSO connection was created.
2021-08-10T10:00:00.000ZEnvironment IDs that provisioned users are granted access to by default.
The role assigned to users provisioned through this connection.
memberWhether SSO login is enforced for users on the connection's verified domains.
falseThe ID of the SSO connection.
1ba1f401-7183-47c5-9e39-e8e257e3c795Whether this SSO connection is active.
trueWhether this is the team's default SSO connection.
falseThe SSO protocol used by this connection.
samlsamloidc
The ID of the team that owns this SSO connection.
05daecaf-4365-42e8-8370-8127de5dd717The date and time when the SSO connection was last updated.
2021-08-10T10:30:00.000Zcurl -X PATCH 'https://api.truto.one/sso-connection/{id}' \
-H 'Authorization: Bearer <your_api_token>' \
-H 'Content-Type: application/json' \
-d '{
"protocol": "saml",
"is_active": true,
"enforced": false,
"is_default": false,
"config": {},
"client_secret": "rp-secret-value",
"default_role": "member",
"default_environment_ids": []
}'const body = {
"protocol": "saml",
"is_active": true,
"enforced": false,
"is_default": false,
"config": {},
"client_secret": "rp-secret-value",
"default_role": "member",
"default_environment_ids": []
};
const response = await fetch('https://api.truto.one/sso-connection/{id}', {
method: 'PATCH',
headers: {
'Authorization': 'Bearer <your_api_token>',
'Content-Type': 'application/json',
},
body: JSON.stringify(body),
});
const data = await response.json();
console.log(data);import requests
url = "https://api.truto.one/sso-connection/{id}"
headers = {
"Authorization": "Bearer <your_api_token>",
"Content-Type": "application/json",
}
params = {
}
payload = {
"protocol": "saml",
"is_active": True,
"enforced": False,
"is_default": False,
"config": {},
"client_secret": "rp-secret-value",
"default_role": "member",
"default_environment_ids": []
}
response = requests.patch(url, headers=headers, params=params, json=payload)
print(response.json())