Ona Docs

CreateSSOConfiguration

client.Organizations.SSOConfigurations.New(ctx, body) (*OrganizationSSOConfigurationNewResponse, error)
POST /gitpod.v1.OrganizationService/CreateSSOConfiguration

Creates or updates SSO configuration for organizational authentication.

Use this method to:

  • Configure OIDC-based SSO providers
  • Set up built-in providers (Google, GitHub, etc.)
  • Define custom identity providers
  • Manage authentication policies

Examples

  • Configure built-in Google SSO:

    Sets up SSO using Google Workspace.

    organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
    clientId: "012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com"
    clientSecret: "GOCSPX-abcdefghijklmnopqrstuvwxyz123456"
    issuerUrl: "https://accounts.google.com"
    emailDomain: "acme-corp.com"
  • Configure custom OIDC provider:

    Sets up SSO with a custom identity provider.

    organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
    clientId: "acme-corp-gitpod"
    clientSecret: "secret-token-value"
    issuerUrl: "https://sso.acme-corp.com"
    emailDomain: "acme-corp.com"
Parameters
body OrganizationSSOConfigurationNewParams
ClientID param.Field[string]

client_id is the client ID of the OIDC application set on the IdP

minLength: 1
ClientSecret param.Field[string]

client_secret is the client secret of the OIDC application set on the IdP

minLength: 1
IssuerURL param.Field[string]

issuer_url is the URL of the IdP issuer

format: uri
OrganizationID param.Field[string]
format: uuid
AdditionalScopes param.Field[[]string] (optional)

additional_scopes are extra OIDC scopes to request from the identity provider during sign-in. These are appended to the default scopes (openid, email, profile).

ClaimsExpression param.Field[string] (optional)

claims_expression is an optional CEL expression evaluated against OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength: 4096
DisplayName param.Field[string] (optional)
maxLength: 128
EmailDomain param.Field[string] (optional)

email_domain is the domain that is allowed to sign in to the organization

minLength: 4
EmailDomains param.Field[[]string] (optional)
Returns
type OrganizationSSOConfigurationNewResponse struct{…}
SSOConfiguration SSOConfiguration

sso_configuration is the created SSO configuration

ID string

id is the unique identifier of the SSO configuration

format: uuid
IssuerURL string

issuer_url is the URL of the IdP issuer

OrganizationID string
format: uuid
ProviderType ProviderType

provider_type defines the type of the SSO configuration

One of the following:
const ProviderTypeUnspecified ProviderType = "PROVIDER_TYPE_UNSPECIFIED"
const ProviderTypeBuiltin ProviderType = "PROVIDER_TYPE_BUILTIN"
const ProviderTypeCustom ProviderType = "PROVIDER_TYPE_CUSTOM"

State SSOConfigurationState

state is the state of the SSO configuration

One of the following:
const SSOConfigurationStateUnspecified SSOConfigurationState = "SSO_CONFIGURATION_STATE_UNSPECIFIED"
const SSOConfigurationStateInactive SSOConfigurationState = "SSO_CONFIGURATION_STATE_INACTIVE"
const SSOConfigurationStateActive SSOConfigurationState = "SSO_CONFIGURATION_STATE_ACTIVE"
AdditionalScopes []string (optional)

additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.

Claims map[string, string] (optional)

claims are key/value pairs that define a mapping of claims issued by the IdP.

ClaimsExpression string (optional)

claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a claims variable containing all token claims as a map. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength: 4096
ClientID string (optional)

client_id is the client ID of the OIDC application set on the IdP

DisplayName string (optional)
maxLength: 128
EmailDomain string (optional)
EmailDomains []string (optional)
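
The claims_expression gate described above, as an added example (not Ona's code and not its CEL evaluator): a plain-Go stand-in for the documented expression, run over constructed claim sets beside a weaker variant that drops the email_verified check and the "@" anchor. The names strictGate, looseGate and samples are hypothetical, and treating a missing or non-boolean email_verified as a denial is an assumption based on the rule that the expression must evaluate to true.

```go
package main

import (
	"fmt"
	"strings"
)

// strictGate is a plain-Go stand-in (assumption: not the service's CEL
// evaluator) for the documented expression
//   claims.email_verified && claims.email.endsWith("@example.com")
// A missing or non-boolean email_verified never yields true, so it denies.
func strictGate(claims map[string]any, domain string) bool {
	verified, ok := claims["email_verified"].(bool)
	if !ok || !verified {
		return false
	}
	email, ok := claims["email"].(string)
	return ok && strings.HasSuffix(email, "@"+domain)
}

// looseGate is the weak variant for contrast: no email_verified check and
// no "@" anchor, so any address whose text ends in the domain passes.
func looseGate(claims map[string]any, domain string) bool {
	email, ok := claims["email"].(string)
	return ok && strings.HasSuffix(email, domain)
}

type sample struct {
	name   string
	claims map[string]any
}

// Constructed claim sets; none come from a real IdP.
var samples = []sample{
	{"verified member", map[string]any{"email_verified": true, "email": "dev@example.com"}},
	{"unverified address", map[string]any{"email_verified": false, "email": "dev@example.com"}},
	{"look-alike domain", map[string]any{"email_verified": true, "email": "dev@notexample.com"}},
	{"flag sent as string", map[string]any{"email_verified": "true", "email": "dev@example.com"}},
	{"flag absent", map[string]any{"email": "dev@example.com"}},
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-20s strict=%-5v loose=%v\n", s.name,
			strictGate(s.claims, "example.com"), looseGate(s.claims, "example.com"))
	}
}
```

Only the first claim set passes the strict gate; the weaker variant accepts all five.
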

CreateSSOConfiguration

package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  ssoConfiguration, err := client.Organizations.SSOConfigurations.New(context.TODO(), gitpod.OrganizationSSOConfigurationNewParams{
    ClientID: gitpod.F("012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com"),
    ClientSecret: gitpod.F("GOCSPX-abcdefghijklmnopqrstuvwxyz123456"),
    IssuerURL: gitpod.F("https://accounts.google.com"),
    OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
    EmailDomain: gitpod.F("acme-corp.com"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", ssoConfiguration.SSOConfiguration)
}
Returns Examples
{
  "ssoConfiguration": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "issuerUrl": "issuerUrl",
    "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "providerType": "PROVIDER_TYPE_UNSPECIFIED",
    "state": "SSO_CONFIGURATION_STATE_UNSPECIFIED",
    "additionalScopes": [
      "string"
    ],
    "claims": {
      "foo": "string"
    },
    "claimsExpression": "claimsExpression",
    "clientId": "clientId",
    "displayName": "displayName",
    "emailDomain": "emailDomain",
    "emailDomains": [
      "sfN2.l.iJR-BU.u9JV9.a.m.o2D-4b-Jd.0Z-kX.L.n.S.f.UKbxB"
    ]
  }
}