@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api Single Sign-On Overview
@base https://api.frontegg.com/team
@version 1.0
@auth Bearer bearer
@endpoints 29
@hint download_for_search
@toc resources(29)

@endpoint GET /resources/sso/v1/saml/configurations/vendor-config
@desc Get vendor's SAML config
@returns(200)

@endpoint GET /resources/sso/v1/saml/configurations/sp-certificate
@desc Get service provider certificate
@returns(200)

@endpoint GET /resources/sso/v1/saml/configurations/sp-metadata
@desc Get service provider metadata
@required {frontegg-tenant-id: str # The account (tenant) ID identifier}
@returns(200)

# NOTE(review): the request body carries credentials (oidcSecret, idpClientSecret); keep request bodies for this call out of logs, traces and error reports.
# NOTE(review): SAML-style and OIDC-style fields are all listed under @required; presumably only the ones matching `type` apply. Confirm against the upstream reference.
@endpoint POST /resources/sso/v1/configurations
@desc Create SSO configuration
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}
@returns(201)

@endpoint GET /resources/sso/v1/configurations
@desc Get SSO configurations
@required {frontegg-tenant-id: str # The account (tenant) ID identifier}
@returns(200)

@endpoint DELETE /resources/sso/v1/configurations/{configurationId}
@desc Delete SSO configuration
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}
@returns(200)

# NOTE(review): the request body carries credentials (oidcSecret, idpClientSecret); keep request bodies for this call out of logs, traces and error reports.
# NOTE(review): this call can replace ssoEndpoint and publicCertificate, which by their names define which identity provider the tenant trusts. Treat updates as security-relevant and audit them. Confirm field semantics upstream.
@endpoint PATCH /resources/sso/v1/configurations/{configurationId}
@desc Update SSO configuration
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}
@returns(200)

@endpoint POST /resources/sso/v1/configurations/metadata
@desc Create SSO configuration using metadata
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, metadata: str}
@returns(201)

@endpoint PUT /resources/sso/v1/configurations/{configurationId}/metadata
@desc Update SSO configuration using metadata
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, metadata: str}
@returns(200)

@endpoint POST /resources/sso/v1/configurations/{configurationId}/domains
@desc Create SSO domain
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}
@returns(201)

@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/domains/{domainId}
@desc Delete SSO domain
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}
@returns(200)

@endpoint PUT /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email
@desc Validate SSO domain by email
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}
@returns(200)

@endpoint PUT /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate
@desc Validate SSO domain
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}
@returns(200)

@endpoint PUT /resources/sso/v1/configurations/{configurationId}/roles
@desc Set SSO default roles
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, roleIds: [str]}
@returns(201)

@endpoint GET /resources/sso/v1/configurations/{configurationId}/roles
@desc Get SSO default roles
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}
@returns(200)

@endpoint POST /resources/sso/v1/configurations/{configurationId}/groups
@desc Create an SSO group
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, group: str, roleIds: [str]}
@returns(201)

@endpoint GET /resources/sso/v1/configurations/{configurationId}/groups
@desc Get SSO group
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}
@returns(200)

@endpoint PATCH /resources/sso/v1/configurations/{configurationId}/groups/{groupId}
@desc Update SSO group
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str, group: str, roleIds: [str]}
@returns(200)

@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/groups/{groupId}
@desc Delete SSO group
@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str}
@returns(200)

@endpoint POST /resources/sso/v1/configurations/excluded-emails
@desc Exclude email from SSO
@required {email: str}
@returns(201)

@endpoint GET /resources/sso/v1/configurations/excluded-emails
@desc Get SSO excluded emails
@returns(200)

@endpoint DELETE /resources/sso/v1/configurations/excluded-emails/{email}
@desc Delete SSO excluded email
@required {email: str}
@returns(200)

# NOTE(review): described as vendor-only, and no frontegg-tenant-id is listed. Presumably this marks a domain as validated without the tenant completing an ownership check; confirm upstream.
# Limit use to vendor-level credentials and record each call in an audit trail.
@endpoint PUT /resources/sso/v1/configurations/domains/{domain}/force-validate
@desc Vendor only - Force SSO domain validation
@required {domain: str}
@returns(200)

@endpoint GET /resources/sso/v1/configurations/multiple-sso-per-domain
@desc Get SSO per account (tenant) configuration
@returns(200)

@endpoint PUT /resources/sso/v1/configurations/multiple-sso-per-domain
@desc Create or update SSO per account (tenant) configuration
@required {unspecifiedTenantStrategy: str, active: bool, useActiveTenant: bool}
@returns(201)

# NOTE(review): by their names, skipDomainVerification and bypassDomainCrossValidation relax the checks that tie an SSO domain to the tenant claiming it. Confirm exact semantics upstream.
# Treat changes to these flags as security-relevant: restrict who may call this endpoint and audit every change.
@endpoint PUT /resources/sso/v1/configurations/domains
@desc Create or update SSO domains configuration
@required {allowVerifiedUsersToAddDomains: bool, skipDomainVerification: bool, bypassDomainCrossValidation: bool}
@returns(201)

@endpoint GET /resources/sso/v1/configurations/domains
@desc Get SSO domains configuration
@returns(200)

# NOTE(review): a 201 status on a GET is unusual (the other GET endpoints in this spec return 200). Confirm against the upstream reference before relying on it in client status checks.
@endpoint GET /resources/sso/v1/oidc/configurations
@desc Get OIDC configuration
@returns(201)

@endpoint POST /resources/sso/v1/oidc/configurations
@desc Configure OIDC
@required {active: bool}
@optional {redirectUri: str # Redirect URI to which the user will be redirected. It should match the redirect URI you set in your application. Leave it empty if you didn't change it in your application}
@returns(201)

@end
