# Single Sign-On Overview Frontegg’s Single Sign-On (SSO) enables users to sign in using their existing credentials, removing the need to create new usernames and passwords specifically for your application. Our SSO solution supports two popular protocols: SAML and OpenID Connect (OIDC). These protocols facilitate user authentication across multiple applications and can be configured via Frontegg’s Management Portal or the Self-Service menu within your application. This section lists all relevant API endpoints, organized into Management and Self-Service categories: **Management Endpoints**: Require environment-level authorization and provide comprehensive control over SSO (SAML and OIDC) resources.
**Self-Service Endpoints**: Accessible with a user token (JWT), allowing users with appropriate permissions to create, update, and delete SSO connections on their accounts. ## Servers EU Region ``` https://api.frontegg.com/team ``` US Region ``` https://api.us.frontegg.com/team ``` CA Region ``` https://api.ca.frontegg.com/team ``` AU Region ``` https://api.au.frontegg.com/team ``` Frontegg sub-domain for use with user tokens ``` https://{domain}.frontegg.com/team ``` Variables: - `domain` Default: "app-xxx" ## Security ### bearer Type: http Scheme: bearer Bearer Format: JWT ## Download OpenAPI description [Single Sign-On Overview](https://developers.frontegg.com/_bundle/ciam/api/team.yaml) ## SSO Settings ### Get service provider metadata - [GET /resources/sso/v1/saml/configurations/sp-metadata](https://developers.frontegg.com/ciam/api/team/sso-settings/samlcontrollerv1_getspmetadata.md): Get service provider metadata ### Exclude email from SSO - [POST /resources/sso/v1/configurations/excluded-emails](https://developers.frontegg.com/ciam/api/team/sso-settings/excludeemailsfromssov1_excludessoemail.md): Exclude email from SSO ### Get SSO excluded emails - [GET /resources/sso/v1/configurations/excluded-emails](https://developers.frontegg.com/ciam/api/team/sso-settings/excludeemailsfromssov1_getssoexcludedemails.md): Get SSO excluded emails ### Delete SSO excluded email - [DELETE /resources/sso/v1/configurations/excluded-emails/{email}](https://developers.frontegg.com/ciam/api/team/sso-settings/excludeemailsfromssov1_deletessoexcludedemail.md): Delete SSO excluded email ### Vendor only - Force SSO domain validation - [PUT /resources/sso/v1/configurations/domains/{domain}/force-validate](https://developers.frontegg.com/ciam/api/team/sso-settings/vendoronlyssoconfigurationcontrollerv1_forcessodomainvalidation.md): Vendor only - Force SSO domain validation ### Get SSO per tenant configuration - [GET /resources/sso/v1/configurations/multiple-sso-per-domain](https://developers.frontegg.com/ciam/api/team/sso-settings/ssopertenantcontrollerv1_getssopertenantconfig.md): Get SSO per tenant configuration ### Create or update SSO per tenant configuration - [PUT /resources/sso/v1/configurations/multiple-sso-per-domain](https://developers.frontegg.com/ciam/api/team/sso-settings/ssopertenantcontrollerv1_createorupdatessopertenantconfig.md): Create or update SSO per tenant configuration ### Configure OIDC - [POST /resources/sso/v1/oidc/configurations](https://developers.frontegg.com/ciam/api/team/sso-settings/oidccontrollerv1_configureoidc.md): Configure OIDC ## SAML Configurations Details ### Get vendor's SAML config - [GET /resources/sso/v1/saml/configurations/vendor-config](https://developers.frontegg.com/ciam/api/team/saml-configurations-details/samlcontrollerv1_getvendorsamlconfig.md): Get vendor's SAML config ### Get service provider certificate - [GET /resources/sso/v1/saml/configurations/sp-certificate](https://developers.frontegg.com/ciam/api/team/saml-configurations-details/samlcontrollerv1_getspcertificate.md): Get service provider certificate ## OIDC Configurations Details ### Get OIDC configuration - [GET /resources/sso/v1/oidc/configurations](https://developers.frontegg.com/ciam/api/team/oidc-configurations-details/oidccontrollerv1_getoidcconifguration.md): Get OIDC configuration ## SSO Configurations ### Create SSO configuration - [POST /resources/sso/v1/configurations](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssoconfigurationcontrollerv1_createssoconfiguration.md): Create SSO configuration ### Get SSO configurations - [GET /resources/sso/v1/configurations](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssoconfigurationcontrollerv1_getssoconfigurations.md): Get SSO configurations ### Delete SSO configuration - [DELETE /resources/sso/v1/configurations/{configurationId}](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssoconfigurationcontrollerv1_deletessoconfiguration.md): Delete SSO configuration ### Create SSO configuration using metadata - [POST /resources/sso/v1/configurations/metadata](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssoconfigurationcontrollerv1_createssoconfigurationbymetadata.md): Create SSO configuration using metadata ### Update SSO configuration using metadata - [PUT /resources/sso/v1/configurations/{configurationId}/metadata](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssoconfigurationcontrollerv1_updatessoconfigurationbymetadata.md): Update SSO configuration using metadata ### Create SSO domain - [POST /resources/sso/v1/configurations/{configurationId}/domains](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomaincontrollerv1_createssodomain.md): Create SSO domain ### Delete SSO domain - [DELETE /resources/sso/v1/configurations/{configurationId}/domains/{domainId}](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomaincontrollerv1_deletessodomain.md): Delete SSO domain ### Validate SSO domain by email - [PUT /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomaincontrollerv1_validatessodomainbyemail.md): Validate SSO using user's email domain ### Validate SSO domain - [PUT /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomaincontrollerv2_validatessodomain.md): Validate SSO domain ### Set SSO default roles - [PUT /resources/sso/v1/configurations/{configurationId}/roles](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssorolescontrollerv1_setssodefaultroles.md): Set SSO default roles ### Get SSO default roles - [GET /resources/sso/v1/configurations/{configurationId}/roles](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssorolescontrollerv1_getssodefaultroles.md): Get SSO default roles ### Create an SSO group - [POST /resources/sso/v1/configurations/{configurationId}/groups](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssogroupscontrollerv1_createssogroup.md): Create an SSO group ### Get SSO group - [GET /resources/sso/v1/configurations/{configurationId}/groups](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssogroupscontrollerv1_getssogroup.md): Get SSO group ### Update SSO group - [PATCH /resources/sso/v1/configurations/{configurationId}/groups/{groupId}](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssogroupscontrollerv1_updatessogroup.md): Update SSO group ### Delete SSO group - [DELETE /resources/sso/v1/configurations/{configurationId}/groups/{groupId}](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssogroupscontrollerv1_deletessogroup.md): Delete SSO group ### Create or update SSO domains configuration - [PUT /resources/sso/v1/configurations/domains](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomainsconfigurationcontrollerv1_createorupdatessodomainsconfiguration.md): Create or update SSO domains configuration ### Get SSO domains configuration - [GET /resources/sso/v1/configurations/domains](https://developers.frontegg.com/ciam/api/team/sso-configurations/ssodomainsconfigurationcontrollerv1_getssodomainsconfiguration.md): Get SSO domains configuration