Overview
The SSO API enables SAML and OIDC single sign-on configuration for the Truss platform. Providers can be configured, retrieved, or removed. All SSO endpoints support auto-provisioning: if the authenticating email does not exist in the system, a new organization and user are created automatically.
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /sso/configure | Configure a SAML or OIDC provider |
| GET | /sso/config | Get current SSO configuration |
| DELETE | /sso/config | Remove SSO configuration |
| POST | /auth/saml/callback | SAML assertion consumer URL |
| POST | /auth/oidc/callback | OIDC callback URL |
Example
curl -X POST http://localhost:4000/sso/configure \
-H "Content-Type: application/json" \
-d '{"provider":"saml","metadata_url":"https://idp.example.com/metadata"}'