Single Sign-On Overview

Frontegg’s Single Sign-On (SSO) enables users to sign in using their existing credentials, removing the need to create new usernames and passwords specifically for your application.

Our SSO solution supports two popular protocols: SAML and OpenID Connect (OIDC). These protocols facilitate user authentication across multiple applications and can be configured via Frontegg’s Management Portal or the Self-Service menu within your application.

This section lists all relevant API endpoints, organized into Management and Self-Service categories:

Management Endpoints: Require environment-level authorization and provide comprehensive control over SSO (SAML and OIDC) resources.

Self-Service Endpoints: Accessible with a user token (JWT), allowing users with appropriate permissions to create, update, and delete SSO connections on their accounts.

Servers
EU Region: https://api.frontegg.com/team/
US Region: https://api.us.frontegg.com/team/
CA Region: https://api.ca.frontegg.com/team/
AU Region: https://api.au.frontegg.com/team/
Frontegg sub-domain for use with user tokens: https://{domain}.frontegg.com/team/

SSO Configurations

Create SSO configuration

Request

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
enabled (boolean, required)
ssoEndpoint (string, required)
publicCertificate (string, required)
signRequest (boolean, required)
acsUrl (string, required)
spEntityId (string, required)
type (string, required)
oidcClientId (string, required)
oidcSecret (string, required)
configMetadata (object, required)
overrideActiveTenant (boolean, required)
subAccountAccessLimit (number, required)

curl -i -X POST \
  https://api.frontegg.com/team/resources/sso/v1/configurations \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "enabled": true,
    "ssoEndpoint": "string",
    "publicCertificate": "string",
    "signRequest": true,
    "acsUrl": "string",
    "spEntityId": "string",
    "type": "string",
    "oidcClientId": "string",
    "oidcSecret": "string",
    "configMetadata": {},
    "overrideActiveTenant": true,
    "subAccountAccessLimit": 0
  }'

Get SSO configurations

Request

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X GET \
  https://api.frontegg.com/team/resources/sso/v1/configurations \
  -H 'frontegg-tenant-id: string'

Delete SSO configuration

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X DELETE \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}' \
  -H 'frontegg-tenant-id: string'

Create SSO configuration using metadata

Request

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
metadata (string, required)

curl -i -X POST \
  https://api.frontegg.com/team/resources/sso/v1/configurations/metadata \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "metadata": "string"
  }'

Update SSO configuration using metadata

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
metadata (string, required)

curl -i -X PUT \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/metadata' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "metadata": "string"
  }'

Create SSO domain

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
object (CreateSSODomainRequestDto)

curl -i -X POST \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/domains' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{}'

Delete SSO domain

Request

Path
configurationId (string, required)
domainId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X DELETE \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/domains/{domainId}' \
  -H 'frontegg-tenant-id: string'

Validate SSO domain by email

Request

Validate SSO using user's email domain

Path
configurationId (string, required)
domainId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X PUT \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email' \
  -H 'frontegg-tenant-id: string'

Validate SSO domain

Request

Path
configurationId (string, required)
domainId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X PUT \
  'https://api.frontegg.com/team/resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate' \
  -H 'frontegg-tenant-id: string'

Set SSO default roles

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
roleIds (Array of strings, required)

curl -i -X PUT \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/roles' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "roleIds": [
      "string"
    ]
  }'

Get SSO default roles

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X GET \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/roles' \
  -H 'frontegg-tenant-id: string'

Create an SSO group

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
group (string, required)
roleIds (Array of strings, required)

curl -i -X POST \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/groups' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "group": "string",
    "roleIds": [
      "string"
    ]
  }'

Get SSO group

Request

Path
configurationId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X GET \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/groups' \
  -H 'frontegg-tenant-id: string'

Update SSO group

Request

Path
configurationId (string, required)
groupId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

Body (application/json, required)
group (string, required)
roleIds (Array of strings, required)

curl -i -X PATCH \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/groups/{groupId}' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-tenant-id: string' \
  -d '{
    "group": "string",
    "roleIds": [
      "string"
    ]
  }'

Delete SSO group

Request

Path
configurationId (string, required)
groupId (string, required)

Headers
frontegg-tenant-id (string, required): The tenant ID identifier

curl -i -X DELETE \
  'https://api.frontegg.com/team/resources/sso/v1/configurations/{configurationId}/groups/{groupId}' \
  -H 'frontegg-tenant-id: string'

Create or update SSO domains configuration

Request

Body (application/json, required)
allowVerifiedUsersToAddDomains (boolean, required)
skipDomainVerification (boolean, required)
bypassDomainCrossValidation (boolean, required)

curl -i -X PUT \
  https://api.frontegg.com/team/resources/sso/v1/configurations/domains \
  -H 'Content-Type: application/json' \
  -d '{
    "allowVerifiedUsersToAddDomains": true,
    "skipDomainVerification": true,
    "bypassDomainCrossValidation": true
  }'
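
An added pre-flight check, not Frontegg code: it lints the request bodies for "Create SSO configuration" and "Create or update SSO domains configuration" before they are sent. The function names and sample values are constructed for illustration, and the reading of signRequest and of the three domain flags is inferred from their names, since this page does not define them.

```python
from urllib.parse import urlsplit

# Assumption: going by their names, these flags relax domain-ownership checks.
RELAXING_DOMAIN_FLAGS = (
    "skipDomainVerification",
    "bypassDomainCrossValidation",
    "allowVerifiedUsersToAddDomains",
)

def lint_domains_config(body):
    """Findings for a 'Create or update SSO domains configuration' body."""
    return [f"{flag} is true" for flag in RELAXING_DOMAIN_FLAGS
            if body.get(flag) is True]

def lint_sso_config(body):
    """Findings for a 'Create SSO configuration' body."""
    findings = []
    for field in ("ssoEndpoint", "acsUrl"):
        url = urlsplit(str(body.get(field, "")))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{field}: not an absolute https URL")
    # Assumption: signRequest controls signing of outgoing SAML requests.
    if body.get("signRequest") is not True:
        findings.append("signRequest: not enabled")
    # The curl samples on this page use the literal "string" as a placeholder.
    for field, value in body.items():
        if value == "string":
            findings.append(f"{field}: placeholder left in payload")
    return findings

# Constructed samples: the first repeats the domains body shown on this page.
DOCS_DOMAINS_BODY = {
    "allowVerifiedUsersToAddDomains": True,
    "skipDomainVerification": True,
    "bypassDomainCrossValidation": True,
}
DRAFT_SSO_BODY = {
    "enabled": True,
    "ssoEndpoint": "http://idp.example.test/saml/sso",
    "publicCertificate": "string",
    "signRequest": False,
    "acsUrl": "https://app.example.test/saml/callback",
    "spEntityId": "https://app.example.test",
}

if __name__ == "__main__":
    for finding in lint_domains_config(DOCS_DOMAINS_BODY) + lint_sso_config(DRAFT_SSO_BODY):
        print("WARN", finding)
```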

Get SSO domains configuration

Request

curl -i -X GET \
  https://api.frontegg.com/team/resources/sso/v1/configurations/domains
