{"files":{"SKILL.md":"---\nname: single-sign-on-overview\ndescription: \"Single Sign-On Overview API skill. Use when working with Single Sign-On Overview for resources. Covers 29 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Single Sign-On Overview\nAPI version: 1.0\n\n## Auth\nBearer bearer\n\n## Base URL\nhttps://api.frontegg.com/team\n\n## Setup\n1. Set Authorization header with Bearer token\n2. GET /resources/sso/v1/saml/configurations/vendor-config -- get vendor's saml config\n3. POST /resources/sso/v1/configurations -- create first configuration\n\n## Endpoints\n29 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Resources\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /resources/sso/v1/saml/configurations/vendor-config | Get vendor's SAML config |\n| GET | /resources/sso/v1/saml/configurations/sp-certificate | Get service provider certificate |\n| GET | /resources/sso/v1/saml/configurations/sp-metadata | Get service provider metadata |\n| POST | /resources/sso/v1/configurations | Create SSO configuration |\n| GET | /resources/sso/v1/configurations | Get SSO configurations |\n| DELETE | /resources/sso/v1/configurations/{configurationId} | Delete SSO configuration |\n| PATCH | /resources/sso/v1/configurations/{configurationId} | Update SSO configuration |\n| POST | /resources/sso/v1/configurations/metadata | Create SSO configuration using metadata |\n| PUT | /resources/sso/v1/configurations/{configurationId}/metadata | Update SSO configuration using metadata |\n| POST | /resources/sso/v1/configurations/{configurationId}/domains | Create SSO domain |\n| DELETE | /resources/sso/v1/configurations/{configurationId}/domains/{domainId} | Delete SSO domain |\n| PUT | /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email | Validate SSO domain by email |\n| PUT | /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate | Validate SSO domain |\n| PUT 
| /resources/sso/v1/configurations/{configurationId}/roles | Set SSO default roles |\n| GET | /resources/sso/v1/configurations/{configurationId}/roles | Get SSO default roles |\n| POST | /resources/sso/v1/configurations/{configurationId}/groups | Create an SSO group |\n| GET | /resources/sso/v1/configurations/{configurationId}/groups | Get SSO group |\n| PATCH | /resources/sso/v1/configurations/{configurationId}/groups/{groupId} | Update SSO group |\n| DELETE | /resources/sso/v1/configurations/{configurationId}/groups/{groupId} | Delete SSO group |\n| POST | /resources/sso/v1/configurations/excluded-emails | Exclude email from SSO |\n| GET | /resources/sso/v1/configurations/excluded-emails | Get SSO excluded emails |\n| DELETE | /resources/sso/v1/configurations/excluded-emails/{email} | Delete SSO excluded email |\n| PUT | /resources/sso/v1/configurations/domains/{domain}/force-validate | Vendor only - Force SSO domain validation |\n| GET | /resources/sso/v1/configurations/multiple-sso-per-domain | Get SSO per account (tenant) configuration |\n| PUT | /resources/sso/v1/configurations/multiple-sso-per-domain | Create or update SSO per account (tenant) configuration |\n| PUT | /resources/sso/v1/configurations/domains | Create or update SSO domains configuration |\n| GET | /resources/sso/v1/configurations/domains | Get SSO domains configuration |\n| GET | /resources/sso/v1/oidc/configurations | Get OIDC configuration |\n| POST | /resources/sso/v1/oidc/configurations | Configure OIDC |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. 
Key patterns:\n- \"List all vendor-config?\" -> GET /resources/sso/v1/saml/configurations/vendor-config\n- \"List all sp-certificate?\" -> GET /resources/sso/v1/saml/configurations/sp-certificate\n- \"List all sp-metadata?\" -> GET /resources/sso/v1/saml/configurations/sp-metadata\n- \"Create a configuration?\" -> POST /resources/sso/v1/configurations\n- \"List all configurations?\" -> GET /resources/sso/v1/configurations\n- \"Delete a configuration?\" -> DELETE /resources/sso/v1/configurations/{configurationId}\n- \"Partially update a configuration?\" -> PATCH /resources/sso/v1/configurations/{configurationId}\n- \"Create a metadata?\" -> POST /resources/sso/v1/configurations/metadata\n- \"Create a domain?\" -> POST /resources/sso/v1/configurations/{configurationId}/domains\n- \"Delete a domain?\" -> DELETE /resources/sso/v1/configurations/{configurationId}/domains/{domainId}\n- \"List all roles?\" -> GET /resources/sso/v1/configurations/{configurationId}/roles\n- \"Create a group?\" -> POST /resources/sso/v1/configurations/{configurationId}/groups\n- \"List all groups?\" -> GET /resources/sso/v1/configurations/{configurationId}/groups\n- \"Partially update a group?\" -> PATCH /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n- \"Delete a group?\" -> DELETE /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n- \"Create an excluded-email?\" -> POST /resources/sso/v1/configurations/excluded-emails\n- \"List all excluded-emails?\" -> GET /resources/sso/v1/configurations/excluded-emails\n- \"Delete an excluded-email?\" -> DELETE /resources/sso/v1/configurations/excluded-emails/{email}\n- \"List all multiple-sso-per-domain?\" -> GET /resources/sso/v1/configurations/multiple-sso-per-domain\n- \"List all domains?\" -> GET /resources/sso/v1/configurations/domains\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return 
the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Single Sign-On Overview\n@base https://api.frontegg.com/team\n@auth Bearer bearer\n@endpoints 29\n@hint download_for_search\n@toc resources(29)\n\n@endpoint GET /resources/sso/v1/saml/configurations/vendor-config\n@desc Get vendor's SAML config\n@returns(200)\n\n@endpoint GET /resources/sso/v1/saml/configurations/sp-certificate\n@desc Get service provider certificate\n@returns(200)\n\n@endpoint GET /resources/sso/v1/saml/configurations/sp-metadata\n@desc Get service provider metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations\n@desc Create SSO configuration\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations\n@desc Get SSO configurations\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}\n@desc Delete SSO configuration\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint PATCH /resources/sso/v1/configurations/{configurationId}\n@desc Update SSO configuration\n@required 
{frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/metadata\n@desc Create SSO configuration using metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, metadata: str}\n@returns(201)\n\n@endpoint PUT /resources/sso/v1/configurations/{configurationId}/metadata\n@desc Update SSO configuration using metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, metadata: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/{configurationId}/domains\n@desc Create SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(201)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/domains/{domainId}\n@desc Delete SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email\n@desc Validate SSO domain by email\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate\n@desc Validate SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT 
/resources/sso/v1/configurations/{configurationId}/roles\n@desc Set SSO default roles\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, roleIds: [str]}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/{configurationId}/roles\n@desc Get SSO default roles\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/{configurationId}/groups\n@desc Create an SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, group: str, roleIds: [str]}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/{configurationId}/groups\n@desc Get SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint PATCH /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n@desc Update SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str, group: str, roleIds: [str]}\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n@desc Delete SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/excluded-emails\n@desc Exclude email from SSO\n@required {email: str}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/excluded-emails\n@desc Get SSO excluded emails\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/excluded-emails/{email}\n@desc Delete SSO excluded email\n@required {email: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/domains/{domain}/force-validate\n@desc Vendor only - Force SSO domain validation\n@required {domain: str}\n@returns(200)\n\n@endpoint GET 
/resources/sso/v1/configurations/multiple-sso-per-domain\n@desc Get SSO per account (tenant) configuration\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/multiple-sso-per-domain\n@desc Create or update SSO per account (tenant) configuration\n@required {unspecifiedTenantStrategy: str, active: bool, useActiveTenant: bool}\n@returns(201)\n\n@endpoint PUT /resources/sso/v1/configurations/domains\n@desc Create or update SSO domains configuration\n@required {allowVerifiedUsersToAddDomains: bool, skipDomainVerification: bool, bypassDomainCrossValidation: bool}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/domains\n@desc Get SSO domains configuration\n@returns(200)\n\n@endpoint GET /resources/sso/v1/oidc/configurations\n@desc Get OIDC configuration\n@returns(201)\n\n@endpoint POST /resources/sso/v1/oidc/configurations\n@desc Configure OIDC\n@required {active: bool}\n@optional {redirectUri: str # Redirect URI that the user will be redirected to. Should match the redirect URI you set on your application. Leave it empty if you didn't change it on your application}\n@returns(201)\n\n@end\n"}}