Avnology ID

SSO Connections

Configure SAML and OIDC enterprise SSO connections per organization with the TypeScript SDK.

Configure enterprise Single Sign-On (SSO) for organizations. Each organization can have one or more SSO connections using SAML 2.0 or OIDC.

createSsoConnection()

client.admin.createSsoConnection(params: CreateSsoConnectionParams): Promise<SsoConnection>

Parameters

Name            Type             Required     Description
organizationId  string           yes          Organization ID
name            string           yes          Connection display name (e.g., "Okta SSO")
type            "saml" | "oidc"  yes          Protocol
saml            SamlConfig       conditional  SAML configuration (required if type is "saml")
oidc            OidcConfig       conditional  OIDC configuration (required if type is "oidc")

SAML configuration

const connection = await client.admin.createSsoConnection({
  organizationId: "org_abc123",
  name: "Okta SAML",
  type: "saml",
  saml: {
    metadataUrl: "https://acme.okta.com/app/123/sso/saml/metadata",
    // OR provide raw metadata XML:
    // metadataXml: "<md:EntityDescriptor ...>",
    defaultRole: "member",
    attributeMapping: {
      email: "NameID",
      firstName: "firstName",
      lastName: "lastName",
      groups: "groups",
    },
  },
});

console.log(connection.id);                // "sso_abc123"
console.log(connection.status);            // "active"
console.log(connection.saml.acsUrl);       // ACS URL to give to the IdP
console.log(connection.saml.entityId);     // SP Entity ID
console.log(connection.saml.metadataUrl);  // SP metadata URL

OIDC configuration

const connection = await client.admin.createSsoConnection({
  organizationId: "org_abc123",
  name: "Azure AD OIDC",
  type: "oidc",
  oidc: {
    discoveryUrl: "https://login.microsoftonline.com/tenant-id/v2.0/.well-known/openid-configuration",
    clientId: "azure-client-id",
    // Placeholder value; load the real secret from a secret manager or environment variable.
    clientSecret: "azure-client-secret",
    defaultRole: "member",
  },
});

listSsoConnections()

const connections = await client.admin.listSsoConnections({
  organizationId: "org_abc123",
});

for (const conn of connections.connections) {
  console.log(conn.id, conn.name, conn.type, conn.status);
}

updateSsoConnection()

await client.admin.updateSsoConnection({
  connectionId: "sso_abc123",
  name: "Updated Okta SAML",
  saml: {
    metadataUrl: "https://acme.okta.com/app/456/sso/saml/metadata",
  },
});

deleteSsoConnection()

await client.admin.deleteSsoConnection({
  connectionId: "sso_abc123",
});

Common errors

Error class      HTTP status  When
NotFoundError    404          Connection not found
ValidationError  422          Invalid metadata URL or config
ForbiddenError   403          Insufficient permissions
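
A pre-flight check for the params passed to createSsoConnection() and updateSsoConnection(), added here as an example and not part of the Avnology SDK: it rejects non-HTTPS or unapproved IdP hosts in metadataUrl and discoveryUrl before the call, since those URLs decide which identity provider the organization trusts. The SsoParams shape, the function names and the allowedHosts list are assumptions for illustration.

```typescript
// Added example. These shapes mirror the parameter names on this page; they are
// local assumptions, not the SDK's exported types.
interface SsoParams {
  type?: "saml" | "oidc";
  saml?: { metadataUrl?: string; metadataXml?: string };
  oidc?: { discoveryUrl?: string; clientId?: string; clientSecret?: string };
}

// Returns why an IdP URL should not be trusted, or null if it passes.
function checkIdpUrl(raw: string, allowedHosts: string[]): string | null {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return "not a valid URL";
  }
  if (url.protocol !== "https:") return "must use https";
  if (url.username || url.password) return "must not embed credentials";
  const host = url.hostname.toLowerCase();
  // Exact match or true subdomain only, so "okta.com.example.net" does not pass.
  const approved = allowedHosts.some((h) => host === h || host.endsWith("." + h));
  return approved ? null : `host ${host} is not an approved IdP domain`;
}

// Returns every problem found; an empty array means the params can be submitted.
function preflightSsoParams(p: SsoParams, allowedHosts: string[]): string[] {
  const problems: string[] = [];
  if (p.type === "saml" && !p.saml) problems.push("type is saml but saml config is missing");
  if (p.type === "oidc" && !p.oidc) problems.push("type is oidc but oidc config is missing");
  const metadataUrl = p.saml?.metadataUrl;
  if (metadataUrl !== undefined) {
    const reason = checkIdpUrl(metadataUrl, allowedHosts);
    if (reason) problems.push(`saml.metadataUrl: ${reason}`);
  }
  const discoveryUrl = p.oidc?.discoveryUrl;
  if (discoveryUrl !== undefined) {
    const reason = checkIdpUrl(discoveryUrl, allowedHosts);
    if (reason) problems.push(`oidc.discoveryUrl: ${reason}`);
    else if (!new URL(discoveryUrl).pathname.endsWith("/.well-known/openid-configuration"))
      problems.push("oidc.discoveryUrl: not an OpenID Connect discovery document path");
  }
  return problems;
}
```

Run it on update params as well as create params: an update that carries only saml.metadataUrl still re-points the connection at a different metadata source.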
