> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create External Connection

> Create a new External SSO Connection

export const action_0 = "create"

export const resource_0 = "stytch.sso"

<Note>
  **RBAC Enforced API**

  If a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the **{action_0} Action** on the **{resource_0} Resource** prior to honoring the request.

  To learn more, see the [RBAC guide](/multi-tenant-auth/enterprise-ready/rbac).
</Note>


## OpenAPI

````yaml POST /v1/b2b/sso/external/{organization_id}
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/b2b/sso/external/{organization_id}:
    post:
      tags:
        - Sso
      summary: Createconnection
      description: Create a new External SSO Connection.
      operationId: api_sso_v1_sso_external_CreateConnection
      parameters:
        - name: organization_id
          in: path
          required: true
          schema:
            type: string
            description: >-
              Globally unique UUID that identifies a specific Organization. The
              `organization_id` is critical to perform operations on an
              Organization, so be sure to preserve this value. You may also use
              the organization_slug or organization_external_id here as a
              convenience.
          description: >-
            Globally unique UUID that identifies a specific Organization. The
            `organization_id` is critical to perform operations on an
            Organization, so be sure to preserve this value. You may also use
            the organization_slug or organization_external_id here as a
            convenience.
        - name: X-Stytch-Member-Session
          in: header
          required: false
          description: >-
            A Stytch session that can be used to run the request with the given
            member's permissions.
          schema:
            type: string
        - name: X-Stytch-Member-SessionJWT
          in: header
          required: false
          description: >-
            A Stytch Session JSON Web Token (JWT) that can be used to run the
            request with the given member's permissions.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/api_sso_v1_sso_external_CreateConnectionRequest
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api_sso_v1_sso_external_CreateConnectionResponse
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // POST /v1/b2b/sso/external/{organization_id}
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_connection_id: "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
              display_name: "Example External connection",
            };

            const options = {
              authorization: {
                session_token: '${sessionToken}',
              },
            };

            client.SSO.External.CreateConnection(params, options)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/b2b/sso/external/{organization_id}\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/sso/external\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/methodoptions\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &external.CreateConnectionParams{\n\t\tOrganizationID:         \"organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931\",\n\t\tExternalOrganizationID: \"organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931\",\n\t\tExternalConnectionID:   \"saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9\",\n\t\tDisplayName:            \"Example External connection\",\n\t}\n\n\toptions := &external.CreateConnectionParamsOptions{\n\t\tAuthorization: methodoptions.Authorization{\n\t\t\tSessionToken: \"${sessionToken}\",\n\t\t},\n\t}\n\n\tresp, err := client.SSO.External.CreateConnection(context.Background(), params, options)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: >-
            // POST /v1/b2b/sso/external/{organization_id}

            package com.example;


            import
            com.stytch.java.b2b.models.ssoexternal.CreateConnectionRequest;

            import
            com.stytch.java.b2b.models.ssoexternal.CreateConnectionRequestOptions;

            import com.stytch.java.b2b.StytchB2BClient;

            import com.stytch.java.common.methodoptions.Authorization;

            import com.stytch.java.common.StytchResult;


            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    CreateConnectionRequest params = new CreateConnectionRequest();
                    params.setOrganizationId("organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931");
                    params.setExternalOrganizationId("organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931");
                    params.setExternalConnectionId("saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9");
                    params.setDisplayName("Example External connection");

                    CreateConnectionRequestOptions options = new CreateConnectionRequestOptions();
                    Authorization authorization = new Authorization();
                    authorization.setSessionToken("${sessionToken}");
                    options.setAuthorization(authorization);

                    Object result = StytchB2BClient.getSSO().getExternal().createConnection(params, options);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: >
            // POST /v1/b2b/sso/external/{organization_id}

            package com.example


            import com.stytch.java.b2b.StytchB2BClient

            import
            com.stytch.java.b2b.models.ssoexternal.CreateConnectionRequest

            import
            com.stytch.java.b2b.models.ssoexternal.CreateConnectionRequestOptions

            import com.stytch.java.common.methodoptions.Authorization


            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.sso.external.createConnection(
                            CreateConnectionRequest(
                                organizationId = "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                                externalOrganizationId = "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                                externalConnectionId = "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
                                displayName = "Example External connection",
                            ),
                            CreateConnectionRequestOptions(
                                Authorization(
                                    sessionToken = "${sessionToken}",
                                ),
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // POST /v1/b2b/sso/external/{organization_id}
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_connection_id: "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
              display_name: "Example External connection",
            };

            const options = {
              authorization: {
                session_token: '${sessionToken}',
              },
            };

            client.sso.external.createConnection(params, options)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->sso->external->create_connection([
                'organization_id' => 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
                'external_organization_id' => 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
                'external_connection_id' => 'saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9',
                'display_name' => 'Example External connection',
            ], [
                    'authorization' => ['session_token' => '${sessionToken}'],

            ]);
        - lang: python
          label: Python
          source: >
            # POST /v1/b2b/sso/external/{organization_id}

            from stytch import B2BClient

            from stytch.b2b.models.sso_external import
            CreateConnectionRequestOptions

            from stytch.shared.method_options import Authorization


            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )


            resp = client.sso.external.create_connection(
                organization_id="organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                external_organization_id="organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                external_connection_id="saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
                display_name="Example External connection",
                method_options=CreateConnectionRequestOptions(
                    authorization=Authorization(
                        session_token="${sessionToken}",
                    ),
                ),
            )


            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # POST /v1/b2b/sso/external/{organization_id}
            require 'stytch'

            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.sso.external.create_connection(
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              external_connection_id: "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
              display_name: "Example External connection",
              method_options: StytchB2B::SSO::External::CreateConnectionRequestOptions.new(
                authorization: Stytch::MethodOptions::Authorization.new(session_token: '${sessionToken}')
              )
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // POST /v1/b2b/sso/external/{organization_id}
            use stytch::b2b::client::Client;
            use stytch::b2b::sso_external::CreateConnectionRequest;

            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.sso.external.create_connection(
                    CreateConnectionRequest{
                        organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                        external_organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                        external_connection_id: "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
                        display_name: Some(String::from("Example External connection")),
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # POST /v1/b2b/sso/external/{organization_id}
            curl --request POST \
              --url https://test.stytch.com/v1/b2b/sso/external/organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931 \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json' \
              -H "X-Stytch-Member-Session: ${sessionToken}" \
              -d '{
                "external_organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                "external_connection_id": "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
                "display_name": "Example External connection"
              }'
components:
  schemas:
    api_sso_v1_sso_external_CreateConnectionRequest:
      type: object
      properties:
        external_organization_id:
          type: string
          description: >-
            Globally unique UUID that identifies a different Organization within
            your Project.
        external_connection_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific SSO connection
            configured for a different Organization in your Project.
        display_name:
          type: string
          description: A human-readable display name for the connection.
        connection_implicit_role_assignments:
          type: array
          items:
            $ref: >-
              #/components/schemas/api_sso_v1_SAMLConnectionImplicitRoleAssignment
        group_implicit_role_assignments:
          type: array
          items:
            $ref: '#/components/schemas/api_sso_v1_SAMLGroupImplicitRoleAssignment'
      description: Request type
      required:
        - external_organization_id
        - external_connection_id
    api_sso_v1_sso_external_CreateConnectionResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
        connection:
          $ref: '#/components/schemas/api_sso_v1_Connection'
          description: >-
            The [External Connection
            Object](https://stytch.com/docs/b2b/api/external-connection-object).
      required:
        - request_id
        - status_code
    api_sso_v1_SAMLConnectionImplicitRoleAssignment:
      type: object
      properties:
        role_id:
          type: string
          description: >-
            The unique identifier of the RBAC Role, provided by the developer
            and intended to be human-readable.

              Reserved `role_id`s that are predefined by Stytch include:

              * `stytch_member`
              * `stytch_admin`

              Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
      required:
        - role_id
    api_sso_v1_SAMLGroupImplicitRoleAssignment:
      type: object
      properties:
        role_id:
          type: string
        group:
          type: string
      required:
        - role_id
        - group
    api_sso_v1_Connection:
      type: object
      properties:
        organization_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific Organization. The
            `organization_id` is critical to perform operations on an
            Organization, so be sure to preserve this value. You may also use
            the organization_slug or organization_external_id here as a
            convenience.
        connection_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific External SSO
            Connection.
        external_organization_id:
          type: string
          description: >-
            Globally unique UUID that identifies a different Organization within
            your Project.
        external_connection_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific SSO connection
            configured for a different Organization in your Project.
        display_name:
          type: string
          description: A human-readable display name for the connection.
        status:
          type: string
          description: >-
            The status of the connection. External connections are always
            active.
        external_connection_implicit_role_assignments:
          type: array
          items:
            $ref: '#/components/schemas/api_sso_v1_ConnectionImplicitRoleAssignment'
          description: >-
            All Members who log in with this External connection will implicitly
            receive the specified Roles. See the [RBAC
            guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for
            more information about role assignment. Implicit role assignments
            are not supported for External connections if the underlying SSO
            connection is an OIDC connection. 
        external_group_implicit_role_assignments:
          type: array
          items:
            $ref: '#/components/schemas/api_sso_v1_GroupImplicitRoleAssignment'
          description: |-
            Defines the names of the groups
             that grant specific role assignments. For each group-Role pair, if a Member logs in with this external connection and
             belongs to the specified group, they will be granted the associated Role. See the
             [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
      required:
        - organization_id
        - connection_id
        - external_organization_id
        - external_connection_id
        - display_name
        - status
        - external_connection_implicit_role_assignments
        - external_group_implicit_role_assignments
    api_sso_v1_ConnectionImplicitRoleAssignment:
      type: object
      properties:
        role_id:
          type: string
          description: >-
            The unique identifier of the RBAC Role, provided by the developer
            and intended to be human-readable.

              Reserved `role_id`s that are predefined by Stytch include:

              * `stytch_member`
              * `stytch_admin`

              Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
      required:
        - role_id
    api_sso_v1_GroupImplicitRoleAssignment:
      type: object
      properties:
        role_id:
          type: string
        group:
          type: string
      required:
        - role_id
        - group
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````