API Reference

Organizations

SSO Configurations

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

CreateSSOConfiguration

organizations.sso_configurations.create(SSOConfigurationCreateParams**kwargs) -> SSOConfigurationCreateResponse

POST/gitpod.v1.OrganizationService/CreateSSOConfiguration

Creates or updates SSO configuration for organizational authentication.

Use this method to:

• Configure OIDC-based SSO providers
• Set up built-in providers (Google, GitHub, etc.)
• Define custom identity providers
• Manage authentication policies

Examples

• Configure built-in Google SSO:

  Sets up SSO using Google Workspace.

  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  clientId: "012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com"
  clientSecret: "GOCSPX-abcdefghijklmnopqrstuvwxyz123456"
  issuerUrl: "https://accounts.google.com"
  emailDomain: "acme-corp.com"

• Configure custom OIDC provider:

  Sets up SSO with a custom identity provider.

  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  clientId: "acme-corp-gitpod"
  clientSecret: "secret-token-value"
  issuerUrl: "https://sso.acme-corp.com"
  emailDomain: "acme-corp.com"

ParametersExpand Collapse

client_id: str

client_id is the client ID of the OIDC application set on the IdP

minLength1

client_secret: str

client_secret is the client secret of the OIDC application set on the IdP

minLength1

issuer_url: str

issuer_url is the URL of the IdP issuer

formaturi

organization_id: str

formatuuid

additional_scopes: Optional[Sequence[str]]

additional_scopes are extra OIDC scopes to request from the identity provider during sign-in. These are appended to the default scopes (openid, email, profile).

claims_expression: Optional[str]

claims_expression is an optional CEL expression evaluated against OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength4096

display_name: Optional[str]

maxLength128

email_domain: Optional[str]

email_domain is the domain that is allowed to sign in to the organization

minLength4

email_domains: Optional[Sequence[str]]

ReturnsExpand Collapse

class SSOConfigurationCreateResponse: …

sso_configuration: SSOConfiguration

sso_configuration is the created SSO configuration

id: str

id is the unique identifier of the SSO configuration

formatuuid

issuer_url: str

issuer_url is the URL of the IdP issuer

organization_id: str

formatuuid

provider_type: ProviderType

provider_type defines the type of the SSO configuration

One of the following:

"PROVIDER_TYPE_UNSPECIFIED"

"PROVIDER_TYPE_BUILTIN"

"PROVIDER_TYPE_CUSTOM"

state: SSOConfigurationState

state is the state of the SSO configuration

One of the following:

"SSO_CONFIGURATION_STATE_UNSPECIFIED"

"SSO_CONFIGURATION_STATE_INACTIVE"

"SSO_CONFIGURATION_STATE_ACTIVE"

additional_scopes: Optional[List[str]]

additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.

claims: Optional[Dict[str, str]]

claims are key/value pairs that defines a mapping of claims issued by the IdP.

claims_expression: Optional[str]

claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a claims variable containing all token claims as a map. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength4096

client_id: Optional[str]

client_id is the client ID of the OIDC application set on the IdP

display_name: Optional[str]

maxLength128

email_domain: Optional[str]

email_domains: Optional[List[str]]

CreateSSOConfiguration

Python

HTTP

TypeScript

Python

Go

import os
from gitpod import Gitpod

client = Gitpod(
    bearer_token=os.environ.get("GITPOD_API_KEY"),  # This is the default and can be omitted
)
sso_configuration = client.organizations.sso_configurations.create(
    client_id="012345678-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com",
    client_secret="GOCSPX-abcdefghijklmnopqrstuvwxyz123456",
    issuer_url="https://accounts.google.com",
    organization_id="b0e12f6c-4c67-429d-a4a6-d9838b5da047",
    email_domain="acme-corp.com",
)
print(sso_configuration.sso_configuration)

200 example

{
  "ssoConfiguration": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "issuerUrl": "issuerUrl",
    "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "providerType": "PROVIDER_TYPE_UNSPECIFIED",
    "state": "SSO_CONFIGURATION_STATE_UNSPECIFIED",
    "additionalScopes": [
      "string"
    ],
    "claims": {
      "foo": "string"
    },
    "claimsExpression": "claimsExpression",
    "clientId": "clientId",
    "displayName": "displayName",
    "emailDomain": "emailDomain",
    "emailDomains": [
      "sfN2.l.iJR-BU.u9JV9.a.m.o2D-4b-Jd.0Z-kX.L.n.S.f.UKbxB"
    ]
  }
}

Returns Examples

200 example

{
  "ssoConfiguration": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "issuerUrl": "issuerUrl",
    "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "providerType": "PROVIDER_TYPE_UNSPECIFIED",
    "state": "SSO_CONFIGURATION_STATE_UNSPECIFIED",
    "additionalScopes": [
      "string"
    ],
    "claims": {
      "foo": "string"
    },
    "claimsExpression": "claimsExpression",
    "clientId": "clientId",
    "displayName": "displayName",
    "emailDomain": "emailDomain",
    "emailDomains": [
      "sfN2.l.iJR-BU.u9JV9.a.m.o2D-4b-Jd.0Z-kX.L.n.S.f.UKbxB"
    ]
  }
}