Updates an existing External SSO connection.
RBAC Enforced API
When a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the update Action on the stytch.sso Resource prior to honoring the request.
To learn more, see our RBAC guide.
Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
Globally unique UUID that identifies a specific External SSO Connection.
A human-readable display name for the connection.
All Members who log in with this External connection will implicitly receive the specified Roles. See the RBAC guide for more information about role assignment. Implicit role assignments are not supported for External connections if the underlying SSO connection is an OIDC connection.
The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.
Reserved role_ids that are predefined by Stytch include:
Check out the guide on Stytch default Roles for a more detailed explanation.
Defines the names of the groups that grant specific role assignments. For each group-Role pair, if a Member logs in with this external connection and belongs to the specified group, they will be granted the associated Role. See the RBAC guide for more information about role assignment. Before adding any group implicit role assignments to an external connection, you must add a "groups" key to the underlying SAML connection's attribute_mapping. Make sure that the SAML connection IdP is configured to correctly send the group information. Implicit role assignments are not supported for External connections if the underlying SSO connection is an OIDC connection.
The name of the group that grants the specified role assignment.
The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.
Reserved role_ids that are predefined by Stytch include:
Check out the guide on Stytch default Roles for a more detailed explanation.
The secret token for a Member Session that should be used to perform an authorization check for this endpoint. If neither session header is passed, no authorization check will be performed. If one is passed, we will check that the Member Session contains a Role that satisfies the permission needed to call this endpoint. If it does not, or if the Member's Organization does not match the organization_id passed in the request, a 403 error will be thrown. Otherwise, the request will proceed as normal.
The JSON Web Token (JWT) for a Member Session that should be used to perform an authorization check for this endpoint. If neither session header is passed, no authorization check will be performed. If one is passed, we will check that the Member Session contains a Role that satisfies the permission needed to call this endpoint. If it does not, or if the Member's Organization does not match the organization_id passed in the request, a 403 error will be thrown. Otherwise, the request will proceed as normal.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
The External Connection object affected by this API call. See the External Connection Object for complete response field details.
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: 'PROJECT_ID',
secret: 'SECRET',
});
const params = {
organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
connection_id: "external-connection-test-5c44cc6a-8af7-48d6-8da7-ea821342f5a6",
};
const options = {
authorization: {
session_token: 'mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q',
},
};
client.sso.external.updateConnection(params, options)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });{
"connection": {
"connection_id": "external-connection-test-5c44cc6a-8af7-48d6-8da7-ea821342f5a6",
"display_name": "Example External Connection",
"organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
"external_organization_id": "organization-test-ca6dbe77-10e5-4403-805a-b117c55c24c6",
"external_connection_id": "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
"status": "active",
"external_connection_implicit_role_assignments": [
{
"role_id": "admin"
}
],
"external_group_implicit_role_assignments": [
{
"role_id": "editor",
"group": "editors"
},
{
"role_id": "reader",
"group": "readers"
}
]
},
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}