Create SAML application

POST /api/saml-applications

Create a new SAML application with the given configuration. A default signing certificate with a 3-year lifetime is created automatically.

application/json

Body Required

  • name string Required

    The name of the SAML application.

    Minimum length is 1, maximum length is 256.

  • description string | null

    Optional description of the SAML application.

  • customData object

    Optional custom data for the application.

  • attributeMapping object
    • sub string
    • name string
    • given_name string
    • family_name string
    • middle_name string
    • nickname string
    • preferred_username string
    • profile string
    • picture string
    • website string
    • email string
    • email_verified string
    • gender string
    • birthdate string
    • zoneinfo string
    • locale string
    • phone_number string
    • phone_number_verified string
    • address string
    • updated_at string
    • username string
    • roles string
    • organizations string
    • organization_data string
    • organization_roles string
    • custom_data string
    • identities string
    • sso_identities string
    • created_at string
  • entityId string | null

    Maximum length is 128.

  • acsUrl string | null

    The Assertion Consumer Service (ACS) URL where the SAML response will be sent.

  • encryption object | null

    Validator function

  • nameIdFormat string Required

    Values are urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, or urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. Default value is urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
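
A pre-flight check for the request body, added here as an example that is not part of the Logto documentation or code base: it enforces the field constraints listed above before the POST is sent. The names `validate_saml_app` and `SAMPLE_BODY`, the sample values, the https-only rule for `acsUrl` and the rejection of unknown `attributeMapping` keys are assumptions of this example, not documented server behaviour.

```python
from urllib.parse import urlsplit

# Allowed values, copied from the nameIdFormat field description.
NAME_ID_FORMATS = (
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
)
# Keys listed under attributeMapping in the request body.
ATTRIBUTE_KEYS = set("""sub name given_name family_name middle_name nickname
preferred_username profile picture website email email_verified gender
birthdate zoneinfo locale phone_number phone_number_verified address
updated_at username roles organizations organization_data organization_roles
custom_data identities sso_identities created_at""".split())

def _is_https_url(value) -> bool:
    # Assumption of this example: only absolute https URLs are accepted.
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
        return parts.scheme == "https" and bool(parts.hostname)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False

def validate_saml_app(body: dict) -> list[str]:
    """Return the problems found; an empty list means the body passes."""
    errors = []
    name = body.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 256:
        errors.append("name: required string of 1 to 256 characters")
    if body.get("nameIdFormat") not in NAME_ID_FORMATS:
        errors.append("nameIdFormat: required, must be a documented value")
    entity_id = body.get("entityId")
    if entity_id is not None and not (isinstance(entity_id, str) and len(entity_id) <= 128):
        errors.append("entityId: string of at most 128 characters, or null")
    if body.get("acsUrl") is not None and not _is_https_url(body["acsUrl"]):
        errors.append("acsUrl: must be an absolute https URL, or null")
    mapping = body.get("attributeMapping", {})
    if not isinstance(mapping, dict):
        errors.append("attributeMapping: must be an object")
    else:
        unknown = sorted(set(mapping) - ATTRIBUTE_KEYS)
        bad_values = [k for k, v in mapping.items() if not isinstance(v, str)]
        if unknown or bad_values:
            errors.append(f"attributeMapping: unknown keys {unknown}, non-string values {bad_values}")
    return errors

# Constructed sample body (all values are placeholders for illustration).
SAMPLE_BODY = {"name": "Payroll SP", "entityId": "https://sp.example.com/metadata", "acsUrl": "https://sp.example.com/saml/acs", "nameIdFormat": NAME_ID_FORMATS[0], "attributeMapping": {"email": "mail"}}
```

Catching a mistyped mapping key or a plain-http ACS URL locally avoids a failed create call and keeps a misconfigured endpoint from being submitted in the first place.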

Responses

  • 201 application/json

    The SAML application was created successfully.

    • tenantId string Required

      Maximum length is 21.

    • id string Required

      Minimum length is 1, maximum length is 21.

    • name string Required

      Minimum length is 1, maximum length is 256.

    • description string | null Required
    • type string Required

      Values are Native, SPA, Traditional, MachineToMachine, Protected, or SAML.

    • customData object Required

      arbitrary

    • isThirdParty boolean Required
    • createdAt number Required
    • attributeMapping object Required
      • sub string
      • name string
      • given_name string
      • family_name string
      • middle_name string
      • nickname string
      • preferred_username string
      • profile string
      • picture string
      • website string
      • email string
      • email_verified string
      • gender string
      • birthdate string
      • zoneinfo string
      • locale string
      • phone_number string
      • phone_number_verified string
      • address string
      • updated_at string
      • username string
      • roles string
      • organizations string
      • organization_data string
      • organization_roles string
      • custom_data string
      • identities string
      • sso_identities string
      • created_at string
    • entityId string | null Required

      Maximum length is 128.

    • acsUrl object | null Required
      • binding string Required

        Values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.

      • url string(url) Required
    • encryption object | null Required

      Validator function

    • nameIdFormat string Required

      Values are urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, or urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

  • 400

    Invalid request body.

  • 401

    Unauthorized

  • 403

    Forbidden

  • 422

    Validation error: the ACS URL is invalid, or another field failed validation.

POST /api/saml-applications
curl \
 --request POST 'https://[tenant_id].logto.app/api/saml-applications' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"name":"string","description":"string","customData":{},"attributeMapping":{"sub":"string","name":"string","given_name":"string","family_name":"string","middle_name":"string","nickname":"string","preferred_username":"string","profile":"string","picture":"string","website":"string","email":"string","email_verified":"string","gender":"string","birthdate":"string","zoneinfo":"string","locale":"string","phone_number":"string","phone_number_verified":"string","address":"string","updated_at":"string","username":"string","roles":"string","organizations":"string","organization_data":"string","organization_roles":"string","custom_data":"string","identities":"string","sso_identities":"string","created_at":"string"},"entityId":"string","acsUrl":"string","encryption":{},"nameIdFormat":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}'
Request examples
{
  "name": "string",
  "description": "string",
  "customData": {},
  "attributeMapping": {
    "sub": "string",
    "name": "string",
    "given_name": "string",
    "family_name": "string",
    "middle_name": "string",
    "nickname": "string",
    "preferred_username": "string",
    "profile": "string",
    "picture": "string",
    "website": "string",
    "email": "string",
    "email_verified": "string",
    "gender": "string",
    "birthdate": "string",
    "zoneinfo": "string",
    "locale": "string",
    "phone_number": "string",
    "phone_number_verified": "string",
    "address": "string",
    "updated_at": "string",
    "username": "string",
    "roles": "string",
    "organizations": "string",
    "organization_data": "string",
    "organization_roles": "string",
    "custom_data": "string",
    "identities": "string",
    "sso_identities": "string",
    "created_at": "string"
  },
  "entityId": "string",
  "acsUrl": "string",
  "encryption": {},
  "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}
Response examples (201)
{
  "tenantId": "string",
  "id": "string",
  "name": "string",
  "description": "string",
  "type": "Native",
  "customData": {},
  "isThirdParty": true,
  "createdAt": 42.0,
  "attributeMapping": {
    "sub": "string",
    "name": "string",
    "given_name": "string",
    "family_name": "string",
    "middle_name": "string",
    "nickname": "string",
    "preferred_username": "string",
    "profile": "string",
    "picture": "string",
    "website": "string",
    "email": "string",
    "email_verified": "string",
    "gender": "string",
    "birthdate": "string",
    "zoneinfo": "string",
    "locale": "string",
    "phone_number": "string",
    "phone_number_verified": "string",
    "address": "string",
    "updated_at": "string",
    "username": "string",
    "roles": "string",
    "organizations": "string",
    "organization_data": "string",
    "organization_roles": "string",
    "custom_data": "string",
    "identities": "string",
    "sso_identities": "string",
    "created_at": "string"
  },
  "entityId": "string",
  "acsUrl": {
    "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "url": "string"
  },
  "encryption": {},
  "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}