Skip to main content
POST
/
v2
/
session
/
apps
/
{appID}
/
config
/
login
/
saml
/
{providerID}
Create SAML connection
curl --request POST \
  --url https://api.prelude.dev/v2/session/apps/{appID}/config/login/saml/{providerID} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "behavior": {
    "allow_email_account_merge": true,
    "jit_provisioning": true,
    "enforce_login": true,
    "default_redirect_uri": "<string>",
    "email_domain_allowlist": [
      "<string>"
    ]
  },
  "enabled": true,
  "domain": "<string>",
  "idp_metadata_url": "<string>",
  "idp_metadata_xml": "<string>",
  "mapping": {
    "email": "<string>",
    "first_name": "<string>",
    "last_name": "<string>",
    "groups": "<string>",
    "custom": {}
  }
}
'
{
  "connection": {
    "id": "<string>",
    "provider_id": "<string>",
    "name": "<string>",
    "enabled": true,
    "idp": {
      "entity_id": "<string>",
      "sso_url": "<string>",
      "slo_url": "<string>",
      "certificates": [
        "<string>"
      ]
    },
    "sp": {
      "entity_id": "<string>",
      "acs_url": "<string>",
      "slo_url": "<string>",
      "metadata_url": "<string>",
      "signing_certificate": "<string>"
    },
    "behavior": {
      "allow_email_account_merge": true,
      "jit_provisioning": true,
      "enforce_login": true,
      "default_redirect_uri": "<string>",
      "email_domain_allowlist": [
        "<string>"
      ]
    },
    "mapping": {
      "email": "<string>",
      "given_name": "<string>",
      "family_name": "<string>",
      "groups": "<string>",
      "custom": {}
    },
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

appID
string
required

The id of the app the request refers to. An application's unique identifier.

Examples:

"54e9ujn"

"fvua38g"

providerID
string
required

The SAML provider identifier.

Examples:

"okta"

"google"

"jumpcloud"

Body

application/json
name
string
required
Example:

"Acme Okta"

behavior
object
required
enabled
boolean
Example:

true

domain
string

App domain baked into the SP endpoints. Optional when the app has exactly one active domain; required for multi-domain apps.

Example:

"session.acme.com"

idp_metadata_url
string<uri>

HTTPS URL to the IdP's metadata document. Provide exactly one IdP source.

Example:

"https://acme.okta.com/app/abc/sso/saml/metadata"

idp_metadata_xml
string

Raw or base64-encoded IdP metadata XML (for air-gapped IdPs). Provide exactly one IdP source.

idp
object

Explicit IdP block. Provide this only when you are not using idp_metadata_url or idp_metadata_xml. Certificates accept raw PEM or base64-wrapped PEM.

mapping
object

Maps SAML assertion attributes to user profile fields. Defaults are applied per provider when omitted.

Response

Created

connection
object
required