## CreateSSOConfiguration

`client.Organizations.SSOConfigurations.New(ctx, body) (*OrganizationSSOConfigurationNewResponse, error)`

**post** `/gitpod.v1.OrganizationService/CreateSSOConfiguration`

Creates or updates SSO configuration for organizational authentication.

Use this method to:

- Configure OIDC-based SSO providers
- Set up built-in providers (Google, GitHub, etc.)
- Define custom identity providers
- Manage authentication policies

### Examples

- Configure built-in Google SSO: Sets up SSO using Google Workspace.

  ```yaml
  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  clientId: "012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com"
  clientSecret: "GOCSPX-abcdefghijklmnopqrstuvwxyz123456"
  issuerUrl: "https://accounts.google.com"
  emailDomain: "acme-corp.com"
  ```

- Configure custom OIDC provider: Sets up SSO with a custom identity provider.

  ```yaml
  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  clientId: "acme-corp-gitpod"
  clientSecret: "secret-token-value"
  issuerUrl: "https://sso.acme-corp.com"
  emailDomain: "acme-corp.com"
  ```

### Parameters

- `body OrganizationSSOConfigurationNewParams`
  - `ClientID param.Field[string]` client_id is the client ID of the OIDC application set on the IdP
  - `ClientSecret param.Field[string]` client_secret is the client secret of the OIDC application set on the IdP
  - `IssuerURL param.Field[string]` issuer_url is the URL of the IdP issuer
  - `OrganizationID param.Field[string]`
  - `AdditionalScopes param.Field[[]string]` additional_scopes are extra OIDC scopes to request from the identity provider during sign-in. These are appended to the default scopes (openid, email, profile).
  - `ClaimsExpression param.Field[string]` claims_expression is an optional CEL expression evaluated against OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. Example: `claims.email_verified && claims.email.endsWith("@example.com")`
  - `DisplayName param.Field[string]`
  - `EmailDomain param.Field[string]` email_domain is the domain that is allowed to sign in to the organization
  - `EmailDomains param.Field[[]string]`

### Returns

- `type OrganizationSSOConfigurationNewResponse struct{…}`
  - `SSOConfiguration SSOConfiguration` sso_configuration is the created SSO configuration
    - `ID string` id is the unique identifier of the SSO configuration
    - `IssuerURL string` issuer_url is the URL of the IdP issuer
    - `OrganizationID string`
    - `ProviderType ProviderType` provider_type defines the type of the SSO configuration
      - `const ProviderTypeUnspecified ProviderType = "PROVIDER_TYPE_UNSPECIFIED"`
      - `const ProviderTypeBuiltin ProviderType = "PROVIDER_TYPE_BUILTIN"`
      - `const ProviderTypeCustom ProviderType = "PROVIDER_TYPE_CUSTOM"`
    - `State SSOConfigurationState` state is the state of the SSO configuration
      - `const SSOConfigurationStateUnspecified SSOConfigurationState = "SSO_CONFIGURATION_STATE_UNSPECIFIED"`
      - `const SSOConfigurationStateInactive SSOConfigurationState = "SSO_CONFIGURATION_STATE_INACTIVE"`
      - `const SSOConfigurationStateActive SSOConfigurationState = "SSO_CONFIGURATION_STATE_ACTIVE"`
    - `AdditionalScopes []string` additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.
    - `Claims map[string]string` claims are key/value pairs that define a mapping of claims issued by the IdP.
    - `ClaimsExpression string` claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a `claims` variable containing all token claims as a map. Example: `claims.email_verified && claims.email.endsWith("@example.com")`
    - `ClientID string` client_id is the client ID of the OIDC application set on the IdP
    - `DisplayName string`
    - `EmailDomain string`
    - `EmailDomains []string`

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/gitpod-io/gitpod-sdk-go"
	"github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
	client := gitpod.NewClient(
		option.WithBearerToken("My Bearer Token"),
	)
	ssoConfiguration, err := client.Organizations.SSOConfigurations.New(context.TODO(), gitpod.OrganizationSSOConfigurationNewParams{
		ClientID:       gitpod.F("012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com"),
		ClientSecret:   gitpod.F("GOCSPX-abcdefghijklmnopqrstuvwxyz123456"),
		IssuerURL:      gitpod.F("https://accounts.google.com"),
		OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
		EmailDomain:    gitpod.F("acme-corp.com"),
	})
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", ssoConfiguration.SSOConfiguration)
}
```

#### Response

```json
{
  "ssoConfiguration": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "issuerUrl": "issuerUrl",
    "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "providerType": "PROVIDER_TYPE_UNSPECIFIED",
    "state": "SSO_CONFIGURATION_STATE_UNSPECIFIED",
    "additionalScopes": [
      "string"
    ],
    "claims": {
      "foo": "string"
    },
    "claimsExpression": "claimsExpression",
    "clientId": "clientId",
    "displayName": "displayName",
    "emailDomain": "emailDomain",
    "emailDomains": [
      "sfN2.l.iJR-BU.u9JV9.a.m.o2D-4b-Jd.0Z-kX.L.n.S.f.UKbxB"
    ]
  }
}
```
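As an added example, not code from the SDK or this reference, the following Go program runs a few pre-flight checks on the `issuerUrl`, `emailDomain` and `claimsExpression` values before they are handed to CreateSSOConfiguration, and mirrors in plain Go what the documented expression `claims.email_verified && claims.email.endsWith("@example.com")` enforces, exercised against constructed token claims. The `ssoPolicy` type, `validatePolicy` and `allowLogin` are hypothetical helpers, and the check rules are this example's own assumptions about sensible hardening, not what the service validates server-side.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ssoPolicy is a hypothetical local model (not the SDK type) of the fields checked here.
type ssoPolicy struct {
	IssuerURL   string
	EmailDomain string
	ClaimsExpr  string
}

// validatePolicy rejects configurations that would widen who can sign in.
func validatePolicy(p ssoPolicy) error {
	u, err := url.Parse(p.IssuerURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return errors.New("issuerUrl must be an absolute https URL")
	}
	if p.EmailDomain == "" || strings.ContainsAny(p.EmailDomain, "@/ ") {
		return errors.New("emailDomain must be a bare domain such as acme-corp.com")
	}
	if p.ClaimsExpr == "" {
		return errors.New("claimsExpression unset: unverified email claims would be accepted")
	}
	// endsWith("acme-corp.com") without the '@' also matches user@evilacme-corp.com.
	if strings.Contains(p.ClaimsExpr, `endsWith("`+p.EmailDomain+`")`) {
		return errors.New("domain suffix in claimsExpression must start with '@'")
	}
	return nil
}

// allowLogin mirrors in plain Go what the documented expression
// claims.email_verified && claims.email.endsWith("@<domain>") enforces.
func allowLogin(claims map[string]any, domain string) bool {
	verified, _ := claims["email_verified"].(bool)
	email, _ := claims["email"].(string)
	return verified && strings.HasSuffix(strings.ToLower(email), "@"+strings.ToLower(domain))
}

func main() {
	p := ssoPolicy{"https://sso.acme-corp.com", "acme-corp.com",
		`claims.email_verified && claims.email.endsWith("@acme-corp.com")`}
	fmt.Println("config ok:", validatePolicy(p) == nil) // true
	// Constructed claims: an unverified address must be refused.
	fmt.Println("login:", allowLogin(map[string]any{"email_verified": false, "email": "a@acme-corp.com"}, p.EmailDomain)) // false
}
```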