RecomlyRecomlyRecomlyDocs
Single Sign-On

List SSO providers

Retrieve all SSO providers configured for your organization.

GET /app/sso/providers

Returns all SSO providers for the authenticated organization, including their domain mappings and provider configuration. Requires the admin role and the SSO plan feature.

The client secret is never returned.

Request

See API Basics for required headers.

This endpoint takes no request body.

Sample request

curl https://api.recomly.com/app/sso/providers \
  -H "Authorization: Bearer rk_live_abc123:def456"

Sample response

Status: 200 OK

{
  "providers": [
    {
      "providerId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "name": "Acme SAML",
      "providerType": "SAML",
      "cognitoProviderName": "PLATFORM-a1b2c3d4-ef123456",
      "enabled": true,
      "domains": ["acme.com", "acme.org"],
      "samlMetadataXml": "<?xml version=\"1.0\"?>...",
      "createdAt": "2026-01-10T12:00:00.000Z",
      "updatedAt": "2026-04-01T08:00:00.000Z"
    },
    {
      "providerId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
      "name": "Acme OIDC",
      "providerType": "OIDC",
      "cognitoProviderName": "PLATFORM-b2c3d4e5-f12345678",
      "enabled": false,
      "domains": ["internal.acme.com"],
      "oidcIssuer": "https://dev-12345678.okta.com",
      "oidcClientId": "0oabc123def456ghi789",
      "oidcAuthorizationEndpoint": "https://dev-12345678.okta.com/oauth2/v1/authorize",
      "oidcTokenEndpoint": "https://dev-12345678.okta.com/oauth2/v1/token",
      "oidcUserInfoEndpoint": "https://dev-12345678.okta.com/oauth2/v1/userinfo",
      "oidcJwksUri": "https://dev-12345678.okta.com/oauth2/v1/keys",
      "createdAt": "2026-02-15T09:30:00.000Z",
      "updatedAt": "2026-03-20T14:00:00.000Z"
    }
  ]
}

Response fields

Provider object

FieldTypeDescription
providerIdstringUnique identifier for the provider.
namestringDisplay name for the provider.
providerType"SAML" | "OIDC"The configured provider protocol.
cognitoProviderNamestringInternal Cognito identity provider name.
enabledbooleanWhether this provider is active for SSO login.
domainsstring[]Email domains that route users to this provider.
samlMetadataXmlstring | undefinedThe IdP federation metadata XML (SAML only).
oidcIssuerstring | undefinedIssuer URL (OIDC only).
oidcClientIdstring | undefinedClient ID (OIDC only).
oidcAuthorizationEndpointstring | undefinedAuthorization endpoint URL (OIDC only).
oidcTokenEndpointstring | undefinedToken endpoint URL (OIDC only).
oidcUserInfoEndpointstring | undefinedUserInfo endpoint URL (OIDC only).
oidcJwksUristring | undefinedJWKS URI (OIDC only).
createdAtstringISO 8601 timestamp.
updatedAtstringISO 8601 timestamp.

Error responses

See API Basics for standard status codes and error response format.

StatusMeaning
403SSO feature not enabled on the plan.

Delete logo

Remove the organization's saved logo from storage and branding settings.

Get SSO provider

Retrieve a single SSO provider by ID.

On this page

RequestSample requestSample responseResponse fieldsProvider objectError responses

We use cookies

We use essential cookies to keep the site working, and optional analytics cookies to understand how it's used. Read our Privacy Policy.