Skip to content
Ona API Reference
Ona Docs
API Reference
Organizations

SSO Configurations

CreateSSOConfiguration
POST/gitpod.v1.OrganizationService/CreateSSOConfiguration
DeleteSSOConfiguration
POST/gitpod.v1.OrganizationService/DeleteSSOConfiguration
ListSSOConfigurations
POST/gitpod.v1.OrganizationService/ListSSOConfigurations
GetSSOConfiguration
POST/gitpod.v1.OrganizationService/GetSSOConfiguration
UpdateSSOConfiguration
POST/gitpod.v1.OrganizationService/UpdateSSOConfiguration
ModelsExpand Collapse
AdditionalScopesUpdate object { scopes }

AdditionalScopesUpdate wraps a list of OIDC scopes so that the update request can distinguish “not changing scopes” (field absent) from “clearing all scopes” (field present, empty list).

scopes: optional array of string
ProviderType = "PROVIDER_TYPE_UNSPECIFIED" or "PROVIDER_TYPE_BUILTIN" or "PROVIDER_TYPE_CUSTOM"
One of the following:
"PROVIDER_TYPE_UNSPECIFIED"
"PROVIDER_TYPE_BUILTIN"
"PROVIDER_TYPE_CUSTOM"
SSOConfiguration object { id, issuerUrl, organizationId, 9 more }
id: string

id is the unique identifier of the SSO configuration

formatuuid
issuerUrl: string

issuer_url is the URL of the IdP issuer

organizationId: string
formatuuid
providerType: ProviderType

provider_type defines the type of the SSO configuration

One of the following:
"PROVIDER_TYPE_UNSPECIFIED"
"PROVIDER_TYPE_BUILTIN"
"PROVIDER_TYPE_CUSTOM"
state: SSOConfigurationState

state is the state of the SSO configuration

One of the following:
"SSO_CONFIGURATION_STATE_UNSPECIFIED"
"SSO_CONFIGURATION_STATE_INACTIVE"
"SSO_CONFIGURATION_STATE_ACTIVE"
additionalScopes: optional array of string

additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.

claims: optional map[string]

claims are key/value pairs that defines a mapping of claims issued by the IdP.

claimsExpression: optional string

claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a claims variable containing all token claims as a map. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength4096
clientId: optional string

client_id is the client ID of the OIDC application set on the IdP

displayName: optional string
maxLength128
emailDomain: optional string
emailDomains: optional array of string
SSOConfigurationState = "SSO_CONFIGURATION_STATE_UNSPECIFIED" or "SSO_CONFIGURATION_STATE_INACTIVE" or "SSO_CONFIGURATION_STATE_ACTIVE"
One of the following:
"SSO_CONFIGURATION_STATE_UNSPECIFIED"
"SSO_CONFIGURATION_STATE_INACTIVE"
"SSO_CONFIGURATION_STATE_ACTIVE"
SSOConfigurationCreateResponse object { ssoConfiguration }
ssoConfiguration: SSOConfiguration { id, issuerUrl, organizationId, 9 more }

sso_configuration is the created SSO configuration

id: string

id is the unique identifier of the SSO configuration

formatuuid
issuerUrl: string

issuer_url is the URL of the IdP issuer

organizationId: string
formatuuid
providerType: ProviderType

provider_type defines the type of the SSO configuration

One of the following:
"PROVIDER_TYPE_UNSPECIFIED"
"PROVIDER_TYPE_BUILTIN"
"PROVIDER_TYPE_CUSTOM"
state: SSOConfigurationState

state is the state of the SSO configuration

One of the following:
"SSO_CONFIGURATION_STATE_UNSPECIFIED"
"SSO_CONFIGURATION_STATE_INACTIVE"
"SSO_CONFIGURATION_STATE_ACTIVE"
additionalScopes: optional array of string

additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.

claims: optional map[string]

claims are key/value pairs that defines a mapping of claims issued by the IdP.

claimsExpression: optional string

claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a claims variable containing all token claims as a map. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength4096
clientId: optional string

client_id is the client ID of the OIDC application set on the IdP

displayName: optional string
maxLength128
emailDomain: optional string
emailDomains: optional array of string
SSOConfigurationDeleteResponse = unknown
SSOConfigurationRetrieveResponse object { ssoConfiguration }
ssoConfiguration: SSOConfiguration { id, issuerUrl, organizationId, 9 more }

sso_configuration is the SSO configuration identified by the ID

id: string

id is the unique identifier of the SSO configuration

formatuuid
issuerUrl: string

issuer_url is the URL of the IdP issuer

organizationId: string
formatuuid
providerType: ProviderType

provider_type defines the type of the SSO configuration

One of the following:
"PROVIDER_TYPE_UNSPECIFIED"
"PROVIDER_TYPE_BUILTIN"
"PROVIDER_TYPE_CUSTOM"
state: SSOConfigurationState

state is the state of the SSO configuration

One of the following:
"SSO_CONFIGURATION_STATE_UNSPECIFIED"
"SSO_CONFIGURATION_STATE_INACTIVE"
"SSO_CONFIGURATION_STATE_ACTIVE"
additionalScopes: optional array of string

additional_scopes are extra OIDC scopes requested from the identity provider during sign-in.

claims: optional map[string]

claims are key/value pairs that defines a mapping of claims issued by the IdP.

claimsExpression: optional string

claims_expression is a CEL (Common Expression Language) expression evaluated against the OIDC token claims during login. When set, the expression must evaluate to true for the login to succeed. The expression has access to a claims variable containing all token claims as a map. Example: claims.email_verified && claims.email.endsWith("@example.com")

maxLength4096
clientId: optional string

client_id is the client ID of the OIDC application set on the IdP

displayName: optional string
maxLength128
emailDomain: optional string
emailDomains: optional array of string
SSOConfigurationUpdateResponse = unknown