# Complete SAML SSO (deprecated)

Completes the SSO login using the SAML response received directly from the SAML IDP (via your ACS URL). If the user is authenticated and the SAML response is valid, Transmit will redirect to your redirect URI with a code that can be exchanged for a user token. If not, this API returns an error. This should be called from the backend, using a client access token.

Endpoint: POST /v1/auth/sso/saml/complete

## Request fields (application/json):

  - `SAMLResponse` (string, required)
    SAML response from the SAML IDP

  - `RelayState` (string)
    RelayState returned with the SAML response (only for SP-initiated flows). It's an opaque identifier used to maintain the state of the user session.

  - `organization_id` (string, required)
    Organization ID. This can be part of your app's ACS URL path.

  - `redirect_uri` (string, required)
    URI to redirect to upon completing the SSO login. This is the server GET endpoint used to call the [token endpoint](/openapi/user/oidc.openapi/other/oidctoken), and should accept code as a query parameter. This URI must also be configured as an allowed redirect URI for this client.

## Response 200 fields (application/json):

  - `result` (string, required)
    URI used to complete the flow. Sending a GET request to this URI will redirect the browser to your redirect URI with a code to exchange for user tokens.