Skip to main content
PUT
/
enterprise
/
sso
Update SSO configuration
curl --request PUT \
  --url https://api.engagefabric.com/enterprise/sso \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "provider": "SAML",
  "displayName": "Sign in with Acme Corp",
  "samlEntityId": "https://idp.customer.com/saml",
  "samlSsoUrl": "https://idp.customer.com/saml/sso",
  "samlCertificate": "<string>",
  "oidcIssuer": "https://idp.customer.com",
  "oidcClientId": "<string>",
  "oidcClientSecret": "<string>",
  "oidcScopes": [
    "openid",
    "profile",
    "email"
  ],
  "autoProvision": true,
  "defaultRole": "VIEWER",
  "allowedDomains": [
    "customer.com",
    "subsidiary.com"
  ],
  "enforceSso": false
}
'

Authorizations

Authorization
string
header
required

JWT token for admin console authentication

Body

application/json
provider
enum<string>
required

SSO provider type

Available options:
SAML,
OIDC,
AZURE_AD,
OKTA,
GOOGLE_WORKSPACE
displayName
string

Display name for the SSO button

Example:

"Sign in with Acme Corp"

samlEntityId
string

SAML Entity ID (for SAML provider)

Example:

"https://idp.customer.com/saml"

samlSsoUrl
string

SAML SSO URL (for SAML provider)

Example:

"https://idp.customer.com/saml/sso"

samlCertificate
string

SAML X.509 Certificate (PEM format)

oidcIssuer
string

OIDC Issuer URL (for OIDC provider)

Example:

"https://idp.customer.com"

oidcClientId
string

OIDC Client ID

oidcClientSecret
string

OIDC Client Secret

oidcScopes
string[]

OIDC Scopes

autoProvision
boolean
default:true

Automatically create users on first login

defaultRole
enum<string>
default:VIEWER

Default role for auto-provisioned users

Available options:
OWNER,
ADMIN,
DESIGNER,
DEVELOPER,
VIEWER
allowedDomains
string[]

Allowed email domains (empty means all domains)

Example:
["customer.com", "subsidiary.com"]
enforceSso
boolean
default:false

Force SSO for all users (no password login)

Response

SSO configuration updated