{"note":"OpenAPI conversion -- returning structured metadata","name":"frontegg-sso","description":"Single Sign-On Overview","version":"1.0","base_url":"https://api.frontegg.com/team","endpoints":29,"raw":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Single Sign-On Overview\n@base https://api.frontegg.com/team\n@version 1.0\n@auth Bearer bearer\n@endpoints 29\n@hint download_for_search\n@toc resources(29)\n\n@endpoint GET /resources/sso/v1/saml/configurations/vendor-config\n@desc Get vendor's SAML config\n@returns(200)\n\n@endpoint GET /resources/sso/v1/saml/configurations/sp-certificate\n@desc Get service provider certificate\n@returns(200)\n\n@endpoint GET /resources/sso/v1/saml/configurations/sp-metadata\n@desc Get service provider metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations\n@desc Create SSO configuration\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations\n@desc Get SSO configurations\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}\n@desc Delete SSO configuration\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint PATCH /resources/sso/v1/configurations/{configurationId}\n@desc Update SSO configuration\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, enabled: bool, ssoEndpoint: str, publicCertificate: str, signRequest: bool, acsUrl: str, spEntityId: str, type: str, oidcClientId: str, oidcSecret: str, configMetadata: map, overrideActiveTenant: bool, subAccountAccessLimit: num, idpClientId: str # SSO app client ID used to authenticate group fetch requests, idpClientSecret: str # SSO app client secret used with the client ID for authentication}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/metadata\n@desc Create SSO configuration using metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, metadata: str}\n@returns(201)\n\n@endpoint PUT /resources/sso/v1/configurations/{configurationId}/metadata\n@desc Update SSO configuration using metadata\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, metadata: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/{configurationId}/domains\n@desc Create SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(201)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/domains/{domainId}\n@desc Delete SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email\n@desc Validate SSO domain by email\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate\n@desc Validate SSO domain\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, domainId: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/{configurationId}/roles\n@desc Set SSO default roles\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, roleIds: [str]}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/{configurationId}/roles\n@desc Get SSO default roles\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/{configurationId}/groups\n@desc Create an SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, group: str, roleIds: [str]}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/{configurationId}/groups\n@desc Get SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str}\n@returns(200)\n\n@endpoint PATCH /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n@desc Update SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str, group: str, roleIds: [str]}\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/{configurationId}/groups/{groupId}\n@desc Delete SSO group\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, configurationId: str, groupId: str}\n@returns(200)\n\n@endpoint POST /resources/sso/v1/configurations/excluded-emails\n@desc Exclude email from SSO\n@required {email: str}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/excluded-emails\n@desc Get SSO excluded emails\n@returns(200)\n\n@endpoint DELETE /resources/sso/v1/configurations/excluded-emails/{email}\n@desc Delete SSO excluded email\n@required {email: str}\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/domains/{domain}/force-validate\n@desc Vendor only - Force SSO domain validation\n@required {domain: str}\n@returns(200)\n\n@endpoint GET /resources/sso/v1/configurations/multiple-sso-per-domain\n@desc Get SSO per account (tenant) configuration\n@returns(200)\n\n@endpoint PUT /resources/sso/v1/configurations/multiple-sso-per-domain\n@desc Create or update SSO per account (tenant) configuration\n@required {unspecifiedTenantStrategy: str, active: bool, useActiveTenant: bool}\n@returns(201)\n\n@endpoint PUT /resources/sso/v1/configurations/domains\n@desc Create or update SSO domains configuration\n@required {allowVerifiedUsersToAddDomains: bool, skipDomainVerification: bool, bypassDomainCrossValidation: bool}\n@returns(201)\n\n@endpoint GET /resources/sso/v1/configurations/domains\n@desc Get SSO domains configuration\n@returns(200)\n\n@endpoint GET /resources/sso/v1/oidc/configurations\n@desc Get OIDC configuration\n@returns(201)\n\n@endpoint POST /resources/sso/v1/oidc/configurations\n@desc Configure OIDC\n@required {active: bool}\n@optional {redirectUri: str # Redirect URI that the user will be redirected. Should match the redirect URI you set on your application. Leave it empty if you didn't change it on your application}\n@returns(201)\n\n@end\n"}