Stytch - Auth platform for developers

The Update SAML Connection method wraps the Update SAML Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to update SAML connections in other Organizations.

Note that a newly created connection will not become active until all of the following are provided:

idp_sso_url
attribute_mapping
idp_entity_id
x509_certificate

Authenticated Method

This method requires valid Session for a Member with permission to perform the update Action on the stytch.sso Resource.

Before using this method, enable Member actions & organization modifications in the Frontend SDK page. To learn more, see our RBAC guide.

Method parameters

connection_id* string

Globally unique UUID that identifies a specific SSO connection_id for a Member.

identity_provider string

Name of the IdP. Enum with possible values: classlink, cyberark, duo, google-workspace, jumpcloud, keycloak, miniorange, microsoft-entra, okta, onelogin, pingfederate, rippling, salesforce, shibboleth, or generic.

Specifying a known provider allows Stytch to handle any provider-specific logic.

idp_entity_id string

A globally unique name for the IdP. This will be provided by the IdP.

display_name string

A human-readable display name for the connection.

attribute_mapping object

An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: email and one of full_name or first_name and last_name.

email* string

The key that will be sent by the IdP to indicate the member's email. If your IdP is configured to have email as its Name ID format, you should use NameID for the value here.

full_name string

The key that will be sent by the IdP to indicate the member's full name.

groups string

The key that will be sent by the IdP to indicate the member's group memberships. This field is required if you would like to use SAML group implicit role assignments.

idp_user_id string

The ID of the member in the IdP. This is optional, but recommended, as it provides us with a stable identifier that can be used to correctly identify the Member and log them into their existing account after an IdP-driven email update.

idp_sso_url string

The URL for which assertions for login requests will be sent. This will be provided by the IdP.

x509_certificate string

A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in PEM format. See our X509 guide for more info.

saml_connection_implicit_role_assignments array[object]

All Members who log in with this SAML connection will implicitly receive the specified Roles. See the RBAC guide for more information about role assignment.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

stytch_member
stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

saml_group_implicit_role_assignments array[object]

Defines the names of the SAML groups that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and belongs to the specified SAML group, they will be granted the associated Role. See the RBAC guide for more information about role assignment. Before adding any group implicit role assignments, you must add a "groups" key to your SAML connection's attribute_mapping. Make sure that your IdP is configured to correctly send the group information.

group string

The name of the group that grants the specified role assignment.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

stytch_member
stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

Response fields

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

connection object

The SAML Connection object affected by this API call. See the SAML Connection Object for complete response field details.

import { Text, TouchableOpacity, View } from 'react-native'; import { useStytchB2BClient } from '@stytch/react-native/b2b'; export const UpdateSAMLConnection = () => { const stytch = useStytchB2BClient(); const updateSAMLConnection = () => { stytch.sso.saml.updateConnection({ connection_id: 'saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9', idp_sso_url: 'https://idp.example.com/51861cbc-d3b9-428b-9761-227f5fb12be9/sso/saml', }); }; return ( <View> <TouchableOpacity onPress={updateSAMLConnection}> <Text>Update SAML Connection</Text> </TouchableOpacity> </View> ); };

{ "connection": { "acs_url": "https://test.stytch.com/v1/b2b/sso/callback/saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9", "alternative_acs_url": "", "attribute_mapping": { "email": "email", "full_name": "name" }, "audience_uri": "https://test.stytch.com/v1/b2b/sso/callback/saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9", "alternative_audience_uri": "", "connection_id": "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9", "display_name": "Example SAML Connection", "idp_entity_id": "https://idp.example.com/51861cbc-d3b9-428b-9761-227f5fb12be9", "idp_sso_url": "https://idp.example.com/51861cbc-d3b9-428b-9761-227f5fb12be9/sso/saml", "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931", "signing_certificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\n...base64 blob...\n-----END CERTIFICATE", "created_at": "2023-01-01T00:00:00Z", "updated_at": "2023-01-01T00:00:00Z", "expires_at": "2033-01-01T00:00:00Z", "id": "", "issuer": "Stytch" } ], "status": "active", "identity_provider": "generic", "verification_certificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\n...base64 blob...\n-----END CERTIFICATE", "created_at": "2023-01-01T00:00:00Z", "updated_at": "2023-01-01T00:00:00Z", "expires_at": "2033-01-01T00:00:00Z", "id": "saml-verification-key-test-5ccbc642-9373-42b8-928f-c1646c868701", "issuer": "" } ], "idp_initiated_auth_disabled": false }, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "status_code": 200 }

{ "status_code": 401, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "unauthorized_credentials", "error_message": "Unauthorized credentials.", "error_url": "https://stytch.com/docs/api/errors/401" }

{ "status_code": 403, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "session_authorization_error", "error_message": "The Member is not authorized to perform the requested action on that resource.", "error_url": "https://stytch.com/docs/api/errors/403" }

{ "status_code": 429, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "too_many_requests", "error_message": "Too many requests have been made.", "error_url": "https://stytch.com/docs/api/errors/429" }

{ "status_code": 500, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "internal_server_error", "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.", "error_url": "https://stytch.com/docs/api/errors/500" }

One-Time Passcodes

Time-Based One-Time Passcodes

Recovery Codes

Update SAML Connection

Method parameters

Response fields