SSOService
Manages SSO (Single Sign-On) provider configuration for enterprise identity federation via SAML 2.0.
Methods
| Method | Description |
|---|---|
| CheckSSOByDomain | Check if a domain has SSO configured |
| CreateSSOProvider | Create a new SSO provider |
| GetSSOProvider | Get SSO provider details |
| DeleteSSOProvider | Delete an SSO provider |
CheckSSOByDomain
Check if a given email domain has an SSO provider configured. Used during the login flow to redirect users to their IdP.
Authorization: Public (no authentication required)
Request: CheckSSOByDomainRequest
| Field | Type | Description |
|---|---|---|
| domain | string | Email domain to check (e.g., company.com). |
Response: CheckSSOByDomainResponse
| Field | Type | Description |
|---|---|---|
| has_sso | bool | Whether SSO is configured for this domain. |
| provider_name | string | SSO provider name (if configured). |
Example
TypeScript (Connect-Web)

```typescript
const response = await ssoClient.checkSSOByDomain({
  domain: "company.com",
});
if (response.hasSso) {
  // Redirect to SSO login flow
}
```

Go (gRPC)

```go
resp, err := ssoClient.CheckSSOByDomain(ctx, &pidgrv1.CheckSSOByDomainRequest{
	Domain: "company.com",
})
if err != nil {
	// Handle the RPC error before reading resp
	return err
}
if resp.HasSso {
	// Redirect to SSO login flow
}
```

CreateSSOProvider
Create a new SSO provider for the organization.
Authorization: Requires MANAGE_SSO permission
Request: CreateSSOProviderRequest
| Field | Type | Description |
|---|---|---|
| name | string | Provider name. Max 200 characters. |
| type | SSOProviderType | Provider type (SAML). |
| domain | string | Email domain for routing. |
| metadata_url | string | SAML metadata URL. Max 2048 characters. |
| metadata_xml | string | SAML metadata XML (alternative to URL). |
| attribute_mappings | SSOAttributeMapping[] | Attribute mappings. |
Response: CreateSSOProviderResponse
| Field | Type | Description |
|---|---|---|
| provider | SSOProvider | The created SSO provider. |
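
The documented request limits can be checked on the caller's side before CreateSSOProvider is invoked. The following Go code is an added example, not Pidgr's own code: ProviderInput and ValidateProviderInput are hypothetical names, and three rules are assumptions not stated on this page (exactly one metadata source, https-only metadata URLs without credentials, and counting name characters as Unicode code points).

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
	"unicode/utf8"
)

// ProviderInput mirrors documented CreateSSOProviderRequest fields (hypothetical local type).
type ProviderInput struct {
	Name, Domain, MetadataURL, MetadataXML string
}

// ValidateProviderInput applies the documented limits before the RPC is sent.
func ValidateProviderInput(in ProviderInput) error {
	// Documented: name max 200 characters (assumed non-empty, counted as code points).
	if n := utf8.RuneCountInString(in.Name); n == 0 || n > 200 {
		return errors.New("name must be 1-200 characters")
	}
	d := strings.ToLower(strings.TrimSpace(in.Domain))
	if d == "" || strings.ContainsAny(d, "@/: ") || !strings.Contains(d, ".") {
		return errors.New("domain must be a bare email domain such as company.com")
	}
	// Assumption: metadata_xml is an alternative to metadata_url, so exactly one is set.
	hasURL, hasXML := in.MetadataURL != "", in.MetadataXML != ""
	if hasURL == hasXML {
		return errors.New("set exactly one of metadata_url or metadata_xml")
	}
	if hasURL {
		if len(in.MetadataURL) > 2048 { // documented maximum
			return errors.New("metadata_url exceeds 2048 characters")
		}
		u, err := url.Parse(in.MetadataURL)
		// Assumption: only https metadata without embedded credentials is acceptable.
		if err != nil || u.Scheme != "https" || u.Host == "" || u.User != nil {
			return errors.New("metadata_url must be an https URL without credentials")
		}
	}
	return nil
}

func main() {
	// Constructed sample: a plain-http metadata URL is rejected.
	in := ProviderInput{Name: "Corp IdP", Domain: "company.com", MetadataURL: "http://idp.example.com/metadata"}
	fmt.Println(ValidateProviderInput(in))
}
```
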
GetSSOProvider
Get SSO provider details for the organization.
Authorization: Requires VIEW_SSO permission
Request: GetSSOProviderRequest
Empty request. Returns the organization’s SSO provider.
Response: GetSSOProviderResponse
| Field | Type | Description |
|---|---|---|
| provider | SSOProvider | The SSO provider. |
DeleteSSOProvider
Delete the organization’s SSO provider. Users will fall back to passkey/email OTP authentication.
Authorization: Requires MANAGE_SSO permission
Request: DeleteSSOProviderRequest
Empty request.
Response: DeleteSSOProviderResponse
Empty response on success.
SSOProvider Message
| Field | Type | Description |
|---|---|---|
| id | string | Unique identifier. |
| name | string | Provider name. |
| type | SSOProviderType | Provider type. |
| domain | string | Email domain. |
| metadata_url | string | SAML metadata URL. |
| attribute_mappings | SSOAttributeMapping[] | Attribute mappings. |
| created_at | Timestamp | Creation timestamp. |
SSOAttributeMapping
| Field | Type | Description |
|---|---|---|
| saml_attribute | string | SAML assertion attribute name. |
| pidgr_field | string | Pidgr user profile field to map to. |
SSOProviderType
| Value | Description |
|---|---|
| SAML | SAML 2.0 identity provider |