/
Contact usSee pricingStart building
    Overview
    Changelog
    Installation

    Pre-built UI

    StytchB2B
      Configuration
      Callbacks
      Text Customization
      Component Playground
    Admin Portal
      SSO
      Org Settings
      Member Management
      SCIM
    B2BIdentityProvider
      Configuration
      UI Callbacks

    Headless

    Organizations
      Get Organization
      Get Organization by Slug
      Update Organization
      Delete Organization
      Get Organization Connected Apps
      Get Organization Connected App
    Members
      Get Member
      Create Member
      Update Member
      Search Members
      Delete Member
      Reactivate Member
      Delete Member Password
      Delete Member MFA Phone Number
      Delete Member MFA TOTP
      Unlink Retired Member Email
      Start Member Email Update
      Update Self
      Delete Self Password
      Delete Self MFA Phone Number
      Delete Self MFA TOTP
      Unlink Retired Self Email
      Start Self Email Update
      Update Member (Deprecated)
      Delete Member MFA Phone Number (Deprecated)
      Get Member Connected Apps
      Get Self Connected Apps
      Revoke Member Connected App
      Revoke Self Connected App
    RBAC
      Is Authorized
      Permissions
    Email Magic Links
      Login or Signup
      Invite
      Authenticate
      Send Discovery Email
      Authenticate Discovery Magic Link
    Email One-time Passcodes (OTPs)
      Login or Signup
      Authenticate OTP
      Send Discovery Email OTP
      Authenticate Discovery Email OTP
    OAuth
      Start OAuth Flow
      Google One Tap
      Authenticate
      Start Discovery OAuth Flow
      Discovery Authenticate
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Exchange Session
      Get Tokens
      Revoke Sessions for Member
      Attest Session
      Exchange Access Token
    SSO
      Start SSO Flow
      Authenticate
      Get SSO Connections
      Discover SSO Connections
      Delete SSO Connection
      Create SAML Connection
      Update SAML Connection
      Update SAML Connection by Metadata URL
      Delete Encryption Private Key
      Delete Verification Certificate
      Create OIDC Connection
      Update OIDC Connection
      Create External Connection
      Update External Connection
    Discovery
      List Discovered Organizations
      Create Organization via Discovery
      Exchange Intermediate Session
    Passwords
      Authenticate
      Reset by Email Start
      Reset by Email
      Reset by Existing Password
      Reset by Session
      Strength Check

    • Discovery

        • Authenticate
        Reset by Email Start
        Reset by Email
    SCIM
      Create SCIM Connection
      Update SCIM Connection
      Delete SCIM Connection
      Get SCIM Connection
      SCIM Token Rotation Start
      SCIM Token Rotation Complete
      SCIM Token Rotation Cancel
      Get SCIM Connection Groups
    Multi-Factor Authentication

    • One-Time Passcodes

        • SMS Send
        SMS Authenticate

    • Time-Based One-Time Passcodes

        • TOTP Create
        TOTP Authenticate

    • Recovery Codes

        • Recovery Codes Recover
        Rotate Recovery Codes
        Get Recovery Codes
    Impersonation
      Authenticate
    Connected Apps

    • Consent Management

        • Start OAuth Authorization
        Submit OAuth Authorization

    More Resources

    Cookies & session management
    SWR & caching
    TypeScript
Get support on SlackVisit our developer forum

Contact us

B2B SaaS Authentication

/

Frontend SDKs

/

Headless

/

SSO

/

Update External Connection

Update External Connection

The Update External Connection method wraps the Update External Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to update External connections in other Organizations.

Authenticated Method

This method requires valid Session for a Member with permission to perform the update Action on the stytch.sso Resource.

Before using this method, enable Member actions & organization modifications in the Frontend SDK page. To learn more, see our RBAC guide.

Method parameters

connection_id* string

Globally unique UUID that identifies a specific External SSO Connection.

display_name string

A human-readable display name for the connection.

external_connection_implicit_role_assignments array[object]

All Members who log in with this External connection will implicitly receive the specified Roles. See the RBAC guide for more information about role assignment. Implicit role assignments are not supported for External connections if the underlying SSO connection is an OIDC connection.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

  • stytch_member
  • stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

external_group_implicit_role_assignments array[object]

Defines the names of the groups that grant specific role assignments. For each group-Role pair, if a Member logs in with this external connection and belongs to the specified group, they will be granted the associated Role. See the RBAC guide for more information about role assignment. Before adding any group implicit role assignments to an external connection, you must add a "groups" key to the underlying SAML connection's attribute_mapping. Make sure that the SAML connection IdP is configured to correctly send the group information. Implicit role assignments are not supported for External connections if the underlying SSO connection is an OIDC connection.

group string

The name of the group that grants the specified role assignment.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

  • stytch_member
  • stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

Response fields

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

connection object

The OIDC Connection object affected by this API call. See the OIDC Connection Object for complete response field details.

import { useStytchB2BClient } from '@stytch/react/b2b';

export const UpdateExternalConnection = () => {
  const stytch = useStytchB2BClient();

  const updateExternalConnection = () => {
    stytch.sso.external.updateConnection({
      connection_id: 'external-connection-test-5c44cc6a-8af7-48d6-8da7-ea821342f5a6',
      display_name: 'Example External Connection',
    });
  };

  return <button onClick={updateExternalConnection}>Update External Connection</button>;
};
RESPONSE 200
200
​
{
	"connection": {
		"connection_id": "external-connection-test-5c44cc6a-8af7-48d6-8da7-ea821342f5a6",
		"display_name": "Example External Connection",
		"organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
		"external_organization_id": "organization-test-ca6dbe77-10e5-4403-805a-b117c55c24c6",
		"external_connection_id": "saml-connection-test-51861cbc-d3b9-428b-9761-227f5fb12be9",
		"status": "active",
		"external_connection_implicit_role_assignments": [
            {
                "role_id": "admin"
            }
        ],
        "external_group_implicit_role_assignments": [
            {
                "role_id": "editor",
                "group": "editors"
            },
            {
                "role_id": "reader",
                "group": "readers"
            }
        ]
	},
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"status_code": 200
}
RESPONSE 401
200
​
{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}
RESPONSE 403
200
​
{
  "status_code": 403,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "session_authorization_error",
  "error_message": "The Member is not authorized to perform the requested action on that resource.",
  "error_url": "https://stytch.com/docs/api/errors/403"
}
RESPONSE 429
200
​
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
RESPONSE 500
200
​
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}