Single Sign-On

Get SSO provider

Retrieve a single SSO provider by ID.

GET /app/sso/providers/{providerId}

Returns the full configuration for a single SSO provider. Requires the admin role and the SSO plan feature.

The client secret is never returned.


Path parameters

Parameter    Description
providerId   The UUID of the SSO provider.

Request

See API Basics for required headers.

This endpoint takes no request body.


Sample request

curl https://api.recomly.com/app/sso/providers/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
  -H "Authorization: Bearer rk_live_abc123:def456"

Sample response — SAML

Status: 200 OK

{
  "providerId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "name": "Acme SAML",
  "providerType": "SAML",
  "cognitoProviderName": "PLATFORM-a1b2c3d4-ef123456",
  "enabled": true,
  "domains": ["acme.com", "acme.org"],
  "samlMetadataXml": "<?xml version=\"1.0\"?>...",
  "idpLogoutUrl": "https://idp.acme.com/saml/logout",
  "createdAt": "2026-01-10T12:00:00.000Z",
  "updatedAt": "2026-04-01T08:00:00.000Z"
}

Sample response — OIDC

{
  "providerId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
  "name": "Acme OIDC",
  "providerType": "OIDC",
  "cognitoProviderName": "PLATFORM-b2c3d4e5-f12345678",
  "enabled": true,
  "domains": ["internal.acme.com"],
  "oidcIssuer": "https://dev-12345678.okta.com",
  "oidcClientId": "0oabc123def456ghi789",
  "oidcAuthorizationEndpoint": "https://dev-12345678.okta.com/oauth2/v1/authorize",
  "oidcTokenEndpoint": "https://dev-12345678.okta.com/oauth2/v1/token",
  "oidcUserInfoEndpoint": "https://dev-12345678.okta.com/oauth2/v1/userinfo",
  "oidcJwksUri": "https://dev-12345678.okta.com/oauth2/v1/keys",
  "idpLogoutUrl": "https://dev-12345678.okta.com/oauth2/v1/logout",
  "createdAt": "2026-02-15T09:30:00.000Z",
  "updatedAt": "2026-03-20T14:00:00.000Z"
}

Response fields

Field                      Type                Description
providerId                 string              Unique identifier for the provider.
name                       string              Display name for the provider.
providerType               "SAML" | "OIDC"     The configured provider protocol.
cognitoProviderName        string              Internal Cognito identity provider name.
enabled                    boolean             Whether this provider is active for SSO login.
domains                    string[]            Email domains that route users to this provider.
samlMetadataXml            string | undefined  The IdP federation metadata XML (SAML only).
oidcIssuer                 string | undefined  Issuer URL (OIDC only).
oidcClientId               string | undefined  Client ID (OIDC only).
oidcAuthorizationEndpoint  string | undefined  Authorization endpoint URL (OIDC only).
oidcTokenEndpoint          string | undefined  Token endpoint URL (OIDC only).
oidcUserInfoEndpoint       string | undefined  UserInfo endpoint URL (OIDC only).
oidcJwksUri                string | undefined  JWKS URI (OIDC only).
idpLogoutUrl               string | undefined  The IdP's single logout URL, auto-extracted from metadata on save. Present when available.
createdAt                  string              ISO 8601 timestamp.
updatedAt                  string              ISO 8601 timestamp.
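
The following is an added example, not part of Recomly's documentation or code: a Python check that an administrator could run over the JSON this endpoint returns to review a provider's configuration. The function name audit_provider, the DRIFTED input, and the rule that OIDC endpoint hosts are compared with the issuer host are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# OIDC URL fields listed in the response-fields table on this page.
OIDC_URL_FIELDS = ("oidcAuthorizationEndpoint", "oidcTokenEndpoint",
                   "oidcUserInfoEndpoint", "oidcJwksUri")

def audit_provider(provider: dict) -> list[str]:
    """Return review findings for one provider object returned by this endpoint."""
    findings = []
    # The page states the client secret is never returned; flag any key suggesting otherwise.
    findings += [f"unexpected secret-like field: {k}" for k in provider if "secret" in k.lower()]
    ptype = provider.get("providerType")
    if ptype == "OIDC":
        issuer = urlsplit(provider.get("oidcIssuer") or "")
        if issuer.scheme != "https":
            findings.append("oidcIssuer is not https")
        for field in OIDC_URL_FIELDS:
            if not provider.get(field):
                continue  # typed string | undefined, so absence is not flagged
            url = urlsplit(provider[field])
            if url.scheme != "https":
                findings.append(f"{field} is not https")
            # Assumption: a host other than the issuer's is a review item, not proof of a fault.
            if url.hostname != issuer.hostname:
                findings.append(f"{field} host {url.hostname} differs from issuer {issuer.hostname}")
    elif ptype == "SAML":
        if not provider.get("samlMetadataXml"):
            findings.append("samlMetadataXml missing for SAML provider")
    else:
        findings.append(f"unknown providerType: {ptype!r}")
    logout = provider.get("idpLogoutUrl")
    if logout and urlsplit(logout).scheme != "https":
        findings.append("idpLogoutUrl is not https")
    return findings

# The page's OIDC sample response, abridged to the fields the audit reads.
SAMPLE_OIDC = json.loads("""{
  "providerType": "OIDC",
  "oidcIssuer": "https://dev-12345678.okta.com",
  "oidcTokenEndpoint": "https://dev-12345678.okta.com/oauth2/v1/token",
  "oidcJwksUri": "https://dev-12345678.okta.com/oauth2/v1/keys",
  "idpLogoutUrl": "https://dev-12345678.okta.com/oauth2/v1/logout"
}""")
# Constructed variant: token endpoint moved to plain http on another host, plus a secret-like key.
DRIFTED = {**SAMPLE_OIDC, "oidcTokenEndpoint": "http://login.example.net/token",
           "oidcClientSecret": "constructed-placeholder"}

if __name__ == "__main__":
    for name, obj in (("sample", SAMPLE_OIDC), ("drifted", DRIFTED)):
        print(name, audit_provider(obj))
```

Some identity providers legitimately serve endpoints from a host other than the issuer's, so treat a host-mismatch finding as a prompt to confirm the change was intended.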

Error responses

See API Basics for standard status codes and error response format.

Status  Meaning
403     SSO feature not enabled on the plan.
404     SSO provider not found or does not belong to the caller's organization.
