Skip to main content
import { useStytchB2BClient } from '@stytch/react/b2b';

export const UpdateSAMLConnection = () => {
  const stytch = useStytchB2BClient();

  const updateConnection = async () => {
    const response = await stytch.sso.saml.updateConnection({
      connection_id: 'saml-connection-test-d89ff7a0-e86f-4b4d-b6a3-9a74d967528e',
      display_name: 'Updated SAML Connection',
      identity_provider: 'okta',
      idp_entity_id: 'https://idp.example.com/entity',
      idp_sso_url: 'https://idp.example.com/sso',
      x509_certificate: '-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----',
    });
    console.log('Updated connection:', response.connection);
  };

  return <button onClick={updateConnection}>Update SAML Connection</button>;
};
sso.saml.updateConnection wraps the Update SAML Connection API endpoint. The organization_id will be automatically inferred from the logged-in session. This method cannot be used to update SAML connections in other .
RBAC Enforced MethodThis method requires a valid Session for a member with permission to perform the Action on the Resource.Before using this method, enable Member actions & organization modifications in the Frontend SDK page. To learn more, see our RBAC guide.

Parameters

connection_id
string
required
Globally unique UUID that identifies a specific SSO connection_id for a Member.
identity_provider
string
required
Name of the IdP. Enum with possible values: classlink, cyberark, duo, google-workspace, jumpcloud, keycloak, miniorange, microsoft-entra, okta, onelogin, pingfederate, rippling, salesforce, shibboleth, or generic.Specifying a known provider allows Stytch to handle any provider-specific logic.
idp_entity_id
string
required
A globally unique name for the IdP. This will be provided by the IdP.
A globally unique name for the IdP. This will be provided by the IdP.
display_name
string
required
A human-readable display name for the connection.
attribute_mapping
object
An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: email and one of full_name or first_name and last_name.
idp_sso_url
string
required
The URL for which assertions for login requests will be sent. This will be provided by the IdP.
x509_certificate
string
required
A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in PEM format.
saml_connection_implicit_role_assignments
array
required
An array of implicit role assignments granted to members in this organization who log in with this SAML connection. See our RBAC guide for more information about role assignment.
saml_group_implicit_role_assignments
array
required
An array of implicit role assignments granted to members in this organization who log in with this SAML connection and belong to the specified group. Before adding any group implicit role assignments, you must add a groups key to your SAML connection’s attribute_mapping. Make sure that your IdP is configured to correctly send the group information. See our RBAC guide for more information about role assignment.
saml_encryption_private_key
string
required
A PKCS1 format RSA private key used to decrypt encrypted SAML assertions. Only PKCS1 format (starting with -----BEGIN RSA PRIVATE KEY-----) is supported.
signing_private_key
string
required
A private key in PEM format that Stytch will use to decrypt encrypted SAML assertions.

Response

connection
object
The SAML Connection object updated by this API call.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.