# SSO Clients Groups Configure Mosaic SSO Service to streamline login for users. Create and manage SSO clients group to control your SSO login experience. ## Servers Sandbox environment ``` https://api.sbx.transmitsecurity.io/cis ``` Production environment (US) ``` https://api.transmitsecurity.io/cis ``` Production environment (EU) ``` https://api.eu.transmitsecurity.io/cis ``` Production environment (CA) ``` https://api.ca.transmitsecurity.io/cis ``` Production environment (AU) ``` https://api.au.transmitsecurity.io/cis ``` ## Security ### bearer Type: http Scheme: bearer Bearer Format: JWT ### UserAccessToken A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated Type: http Scheme: bearer Bearer Format: JWT ### AdminAccessToken A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps Type: oauth2 ### ClientAccessToken A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant) Type: oauth2 ### OrgAdminAccessToken A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role. Type: oauth2 ## Download OpenAPI description [SSO Clients Groups](https://developer.transmitsecurity.com/_bundle/openapi/user/sso-clients-groups.openapi.yaml) ## Other ### Create clients group - [POST /v1/sso-service/sso-group](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/createclientsgroup.md): Creates a new SSO clients group. Required permissions: sso-service:edit. ### Get all clients groups - [GET /v1/sso-service/sso-group](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/getallclientsgroups.md): Retrieves a list of all clients groups. Required permissions: sso-service:read. ### Get clients group by ID - [GET /v1/sso-service/sso-group/{groupId}](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/getclientsgroup.md): Retrieves a clients group by its ID. The clients group ID is a unique identifier for a clients group. Required permissions: sso-service:read. ### Update clients group - [PUT /v1/sso-service/sso-group/{groupId}](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/updateclientsgroup.md): Updates an existing clients group. The clients group ID is a unique identifier for a clients group. Required permissions: sso-service:edit. ### Delete clients group - [DELETE /v1/sso-service/sso-group/{groupId}](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/deleteclientsgroup.md): Deletes a clients group. Required permissions: sso-service:edit, sso-service:delete. ### Create SSO group client - [POST /v1/sso-service/sso-group/{groupId}/clients](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/createssoclient.md): Creates a new client in the SSO clients group. Required permissions: sso-service:edit. ### Update client - [PUT /v1/sso-service/sso-group/{groupId}/clients/{clientId}](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/updatessoclient.md): Updates a client within the SSO clients group by specifying it by its ID. Note: Fields that are objects cannot be partially updated, since the new value you set will just replace the current one. Required permissions: sso-service:edit. ### Delete client - [DELETE /v1/sso-service/sso-group/{groupId}/clients/{clientId}](https://developer.transmitsecurity.com/openapi/user/sso-clients-groups.openapi/other/deletessoclient.md): Deletes a client and removes it from the SSO client group. Required permissions: sso-service:edit, sso-service:delete.