# Update SSO connection

> Source: https://truto.one/docs/api-reference/admin/sso-connections/update/

`PATCH /sso-connection/{id}`

Resource: **SSO Connections**

## Path parameters

- **`id`** _(string, required)_
  The ID of the SSO connection you want to update.

## Request body

- **`protocol`** _(string)_
  The SSO protocol for this connection.
  Allowed: `saml`, `oidc`
- **`is_active`** _(boolean)_
  Whether the connection is active.
- **`enforced`** _(boolean)_
  Whether SSO login is enforced for the connection's verified domains.
- **`is_default`** _(boolean)_
  Whether this is the team's default SSO connection.
- **`config`** _(object)_
  Non-secret protocol settings. Deep-merged onto the existing config.
  - **`idp_entity_id`** _(string)_
    SAML IdP entity ID.
  - **`idp_sso_url`** _(string)_
    SAML IdP single sign-on URL.
  - **`idp_x509_cert`** _(string)_
    SAML IdP X.509 signing certificate (PEM).
  - **`issuer`** _(string)_
    OIDC issuer URL.
  - **`client_id`** _(string)_
    OIDC relying-party client ID.
  - **`discovery_url`** _(string)_
    OIDC discovery document URL.
  - **`sign_authn_requests`** _(boolean)_
    SAML only — sign SP-initiated AuthnRequests with the SP key (HTTP-Redirect binding).
  - **`allow_idp_initiated`** _(boolean)_
    SAML only — accept unsolicited (IdP-initiated) responses at the ACS. Defaults to false (unsolicited responses rejected) when omitted.
  - **`idp_metadata_xml`** _(string)_
    SAML only — IdP metadata XML. When provided, the server parses it to populate `idp_entity_id`, `idp_sso_url`, and `idp_x509_cert`, then discards the raw XML (never stored or returned).
- **`client_secret`** _(string)_
  The OIDC relying-party client secret. Write-only — encrypted at rest and never returned.
- **`default_role`** _(string)_
  The role assigned to users provisioned through this connection.
- **`default_environment_ids`** _(array<string>)_
  Environment IDs that provisioned users are granted access to by default.
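
Because `config` is deep-merged, a PATCH body only needs the keys being changed. The following is an added example, not part of the original reference or of Truto's code: it previews the result of a minimal update and redacts write-only fields before logging. The merge rule (nested objects merge, other values replace) and the sample values are assumptions, and fields the server derives from `idp_metadata_xml` are not predicted.

```python
import copy

# Fields this page marks as write-only: accepted in the request, never returned.
WRITE_ONLY = {"client_secret", "idp_metadata_xml"}

def deep_merge(base, patch):
    """Assumed rule: nested objects merge key by key, any other value replaces."""
    merged = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged

def preview_update(current, body):
    """Predict the readable connection object after the PATCH is applied."""
    after = copy.deepcopy(current)
    for key, value in body.items():
        if key in WRITE_ONLY:
            continue  # kept server-side only, so it never shows up in a read
        if key == "config":
            visible = {k: v for k, v in value.items() if k not in WRITE_ONLY}
            after["config"] = deep_merge(current.get("config", {}), visible)
        else:
            after[key] = copy.deepcopy(value)
    return after

def redact(body):
    """Copy of a request body that is safe to put in logs or change tickets."""
    return {
        key: "[REDACTED]" if key in WRITE_ONLY
        else redact(value) if isinstance(value, dict) else value
        for key, value in body.items()
    }

# Constructed sample: a SAML connection as previously returned by the API.
CURRENT = {"protocol": "saml", "is_active": True, "enforced": False, "config": {
    "idp_entity_id": "https://idp.example.com/metadata",
    "idp_sso_url": "https://idp.example.com/sso",
    "idp_x509_cert": "<PEM placeholder>",
    "allow_idp_initiated": True,
}}
# Minimal body: reject unsolicited responses and enforce SSO; all else untouched.
PATCH_BODY = {"config": {"allow_idp_initiated": False}, "enforced": True}

if __name__ == "__main__":
    print(preview_update(CURRENT, PATCH_BODY))
    print(redact({"client_secret": "rp-secret-value", **PATCH_BODY}))
```

Under this merge rule, sending `"config": {}` leaves the stored configuration unchanged.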

## Response body

- **`id`** _(string)_
  The ID of the SSO connection.
- **`team_id`** _(string)_
  The ID of the team that owns this SSO connection.
- **`protocol`** _(string)_
  The SSO protocol used by this connection.
  Allowed: `saml`, `oidc`
- **`is_active`** _(boolean)_
  Whether this SSO connection is active.
- **`enforced`** _(boolean)_
  Whether SSO login is enforced for users on the connection's verified domains.
- **`is_default`** _(boolean)_
  Whether this is the team's default SSO connection.
- **`config`** _(object)_
  Non-secret protocol settings. Secret values (the OIDC client secret and SAML SP keys) are never returned.
  - **`idp_entity_id`** _(string)_
    SAML IdP entity ID.
  - **`idp_sso_url`** _(string)_
    SAML IdP single sign-on URL.
  - **`idp_x509_cert`** _(string)_
    SAML IdP X.509 signing certificate (PEM).
  - **`issuer`** _(string)_
    OIDC issuer URL.
  - **`client_id`** _(string)_
    OIDC relying-party client ID.
  - **`discovery_url`** _(string)_
    OIDC discovery document URL.
  - **`sign_authn_requests`** _(boolean)_
    SAML only — sign SP-initiated AuthnRequests with the SP key (HTTP-Redirect binding).
  - **`allow_idp_initiated`** _(boolean)_
    SAML only — accept unsolicited (IdP-initiated) responses at the ACS. Defaults to false (unsolicited responses rejected) when omitted.
- **`default_role`** _(string)_
  The role assigned to users provisioned through this connection.
- **`default_environment_ids`** _(array<string>)_
  Environment IDs that provisioned users are granted access to by default.
- **`created_at`** _(string)_
  The date and time when the SSO connection was created.
- **`updated_at`** _(string)_
  The date and time when the SSO connection was last updated.
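
A returned connection object can be reviewed for the settings described above. This is an added example, not part of the original reference or of Truto's code: it checks that no write-only field appears in the response and flags settings worth a second look. The `approved_roles` parameter, the role name `admin` and the sample values are assumptions.

```python
# Keys this page says are never returned by the API.
NEVER_RETURNED = {"client_secret", "idp_metadata_xml"}

def find_keys(obj, names, path=""):
    """Yield dotted paths of any key in `names`, at any depth of a JSON value."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if key in names:
                yield here
            yield from find_keys(value, names, here)
    elif isinstance(obj, list):
        for index, item in enumerate(obj):
            yield from find_keys(item, names, f"{path}[{index}]")

def audit_connection(conn, approved_roles):
    """Return review findings for one connection object from the response body."""
    findings = [f"secret field in response: {p}" for p in find_keys(conn, NEVER_RETURNED)]
    config = conn.get("config") or {}
    if conn.get("protocol") == "saml" and config.get("allow_idp_initiated") is True:
        findings.append("allow_idp_initiated is true: unsolicited responses are accepted")
    if conn.get("is_active") and not conn.get("enforced"):
        findings.append("active but not enforced for the verified domains")
    if conn.get("default_role") not in approved_roles:
        findings.append(f"default_role {conn.get('default_role')!r} is not an approved role")
    return findings

# Constructed sample response; the ID, team and role values are placeholders.
SAMPLE = {
    "id": "conn-placeholder", "team_id": "team-placeholder", "protocol": "saml",
    "is_active": True, "enforced": False, "is_default": True,
    "config": {"idp_entity_id": "https://idp.example.com/metadata",
               "allow_idp_initiated": True},
    "default_role": "admin", "default_environment_ids": [],
}

if __name__ == "__main__":
    for finding in audit_connection(SAMPLE, approved_roles={"member"}):
        print("-", finding)
```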

## Code examples

### curl

```bash
curl -X PATCH 'https://api.truto.one/sso-connection/{id}' \
  -H 'Authorization: Bearer <your_api_token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "protocol": "saml",
  "is_active": true,
  "enforced": false,
  "is_default": false,
  "config": {},
  "client_secret": "rp-secret-value",
  "default_role": "member",
  "default_environment_ids": []
}'
```

### JavaScript

```javascript
const body = {
  "protocol": "saml",
  "is_active": true,
  "enforced": false,
  "is_default": false,
  "config": {},
  "client_secret": "rp-secret-value",
  "default_role": "member",
  "default_environment_ids": []
};

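const response = await fetch('https://api.truto.one/sso-connection/{id}', {
  method: 'PATCH',
  headers: {
    'Authorization': 'Bearer <your_api_token>',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(body),
});

// fetch() only rejects on network errors, so check the HTTP status explicitly.
if (!response.ok) {
  throw new Error(`Update failed with HTTP ${response.status}`);
}

const data = await response.json();
console.log(data);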
```

### Python

```python
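import requests

# Replace {id} with the ID of the SSO connection to update.
url = "https://api.truto.one/sso-connection/{id}"
headers = {
    "Authorization": "Bearer <your_api_token>",
    "Content-Type": "application/json",
}
# Every body field is optional; this sample sets all of them.
payload = {
    "protocol": "saml",
    "is_active": True,
    "enforced": False,
    "is_default": False,
    "config": {},
    "client_secret": "rp-secret-value",
    "default_role": "member",
    "default_environment_ids": []
}

# requests applies no timeout by default, so set one explicitly.
response = requests.patch(url, headers=headers, json=payload, timeout=10)
response.raise_for_status()  # raise on 4xx/5xx instead of parsing an error body
print(response.json())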
```
