Single Sign-On

Download OpenAPI specification:Download

Login users using an external SAML identity provider (IDP). B2B apps can use this to allow their business customers or partners to provide SSO login for their members (see Organizations).

Start SAML SSODeprecated

Initiates an SSO login flow with a SAML identity provider (IDP). This results in a POST redirect to the SAML IDP configured for the organization, which is determined based on the domain of the user's email address. Once the SAML IDP authenticates the user, it will redirect back to the app with the SAML response so the app can complete the SSO flow.

Note:

  • If the user isn't a member of an organization configured for SAML SSO, an error is returned.
  • If public sign-ups are enabled for the app, new users will be added to the app upon login.

Request
query Parameters
client_id
required
string

Client ID

email
required
string

User's email address

org_id
string

Organization ID, used for member login in B2B scenarios

Responses
200

POST redirect to SAML IDP with a SAML request

get/v1/auth/sso/saml/start
Request samples 
Complete SAML SSODeprecated
Completes the SSO login using the SAML response received directly from the SAML IDP (via your ACS URL). If the user is authenticated and the SAML response is valid, Transmit will redirect to your redirect URI with a code that can be exchanged for a user token. If not, this API returns an error. 

This should be called from the backend, using a client access token.


SecurityHTTP: bearer 
Request 
Request Body schema: application/json
required
SAMLResponse
required
string
SAML response from the SAML IDP


 
organization_id
required
string
Organization ID. This can be part of your app's ACS URL path.


 
redirect_uri
required
string
URI to redirect to upon completing the SSO login. This is the server GET endpoint used to call the token endpoint, and should accept code as a query parameter. This URI must also be configured as an allowed redirect URI for this client.


 
RelayState
string
RelayState returned with the SAML response (only for SP-initiated flows). It's an opaque identifier used to maintain the state of the user session.


 
Responses 
200
post/v1/auth/sso/saml/complete
Request samples 
application/json
{
  • "SAMLResponse": "string",
  • "organization_id": "string",
  • "redirect_uri": "string",
  • "RelayState": "string"
}
Response samples 
application/json
{
  • "result": "string"
}
Start SSO
Initiates an SSO login flow with an external identity provider (IDP). This results in a POST redirect to the IDP configured for the organization, which is determined based on the domain of the user's email address. Once the IDP authenticates the user, it will redirect back to the app with the authentication response so the app can complete the SSO flow. 

Note: 
     
  •  If the user isn't a member of an organization configured for SSO, an error is returned.
  •  If public sign-ups are enabled for the app, new users will be added to the app upon login.
    

Request 
query Parameters
client_id
required
string
Client ID


 
email
required
string
User's email address


 
redirect_uri
required
string
the client pre-listed redirect uri


 
org_id
string
Organization ID, used for member login in B2B scenarios


 
Responses 
200
POST redirect to IDP with a SSO request


get/v1/auth/sso/start
Request samples 
Complete SAML SSO
Completes the SSO login using the SAML response received directly from the SAML IDP (via your ACS URL). If the user is authenticated and the SAML response is valid, Transmit will redirect to your redirect URI with a code that can be exchanged for a user token. If not, this API returns an error. 

This should be called from the backend, using a client access token.


SecurityHTTP: bearer 
Request 
Request Body schema: application/json
required
SAMLResponse
required
string
SAML response from the SAML IDP


 
organization_id
required
string
Organization ID. This can be part of your app's ACS URL path.


 
redirect_uri
required
string
URI to redirect to upon completing the SSO login. This is the server GET endpoint used to call the token endpoint, and should accept code as a query parameter. This URI must also be configured as an allowed redirect URI for this client.


 
RelayState
string
RelayState returned with the SAML response (only for SP-initiated flows). It's an opaque identifier used to maintain the state of the user session.


 
Responses 
200
post/v1/auth/sso/complete
Request samples 
application/json
{
  • "SAMLResponse": "string",
  • "organization_id": "string",
  • "redirect_uri": "string",
  • "RelayState": "string"
}
Response samples 
application/json
{
  • "result": "string"
}