Create SAML Connection

// POST /v1/b2b/sso/saml/{organization_id}
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  display_name: "Example SAML connection",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.SSO.SAML.CreateConnection(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "status_code": 123,
  "connection": {
    "organization_id": "<string>",
    "connection_id": "<string>",
    "status": "<string>",
    "idp_entity_id": "<string>",
    "display_name": "<string>",
    "idp_sso_url": "<string>",
    "acs_url": "<string>",
    "audience_uri": "<string>",
    "signing_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "verification_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "encryption_private_keys": [
      {
        "private_key_id": "<string>",
        "private_key": "<string>",
        "created_at": "<string>"
      }
    ],
    "saml_connection_implicit_role_assignments": [
      {
        "role_id": "<string>"
      }
    ],
    "saml_group_implicit_role_assignments": [
      {
        "role_id": "<string>",
        "group": "<string>"
      }
    ],
    "alternative_audience_uri": "<string>",
    "identity_provider": "<string>",
    "nameid_format": "<string>",
    "alternative_acs_url": "<string>",
    "idp_initiated_auth_disabled": true,
    "allow_gateway_callback": true,
    "attribute_mapping": {}
  }
}

POST

b2b

sso

saml

{organization_id}

// POST /v1/b2b/sso/saml/{organization_id}
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  display_name: "Example SAML connection",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.SSO.SAML.CreateConnection(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "status_code": 123,
  "connection": {
    "organization_id": "<string>",
    "connection_id": "<string>",
    "status": "<string>",
    "idp_entity_id": "<string>",
    "display_name": "<string>",
    "idp_sso_url": "<string>",
    "acs_url": "<string>",
    "audience_uri": "<string>",
    "signing_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "verification_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "encryption_private_keys": [
      {
        "private_key_id": "<string>",
        "private_key": "<string>",
        "created_at": "<string>"
      }
    ],
    "saml_connection_implicit_role_assignments": [
      {
        "role_id": "<string>"
      }
    ],
    "saml_group_implicit_role_assignments": [
      {
        "role_id": "<string>",
        "group": "<string>"
      }
    ],
    "alternative_audience_uri": "<string>",
    "identity_provider": "<string>",
    "nameid_format": "<string>",
    "alternative_acs_url": "<string>",
    "idp_initiated_auth_disabled": true,
    "allow_gateway_callback": true,
    "attribute_mapping": {}
  }
}

RBAC Enforced APIIf a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the Action on the Resource prior to honoring the request.To learn more, see the RBAC guide.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Headers

X-Stytch-Member-Session

string

A Stytch session that can be used to run the request with the given member's permissions.

X-Stytch-Member-SessionJWT

string

A Stytch Session JSON Web Token (JWT) that can be used to run the request with the given member's permissions.

Path Parameters

organization_id

string

required

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

Body

application/json

Request type

display_name

string

A human-readable display name for the connection.

identity_provider

enum<string>

Name of the IdP. Enum with possible values: classlink, cyberark, duo, google-workspace, jumpcloud, keycloak, miniorange, microsoft-entra, okta, onelogin, pingfederate, rippling, salesforce, shibboleth, or generic.

Specifying a known provider allows Stytch to handle any provider-specific logic.

Available options:

classlink,

cyberark,

duo,

generic,

google-workspace,

jumpcloud,

keycloak,

miniorange,

microsoft-entra,

okta,

onelogin,

pingfederate,

rippling,

salesforce,

shibboleth

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

connection

object

The SAML Connection Object

Show child attributes

⌘I