Single Sign On

Download OpenAPI specification:Download

Login users using an external SAML identity provider (IDP). B2B apps can use this to allow their business customers or partners to provide SSO login for their members (see Organizations).

Start SAML SSO

Initiates an SSO login flow with a SAML identity provider (IDP). This results in a POST redirect to the SAML IDP configured for the organization, which is determined based on the domain of the user's email address. Once the SAML IDP authenticates the user, it will redirect back to the app with the SAML response so the app can complete the SSO flow.

Note:

  • If the user isn't a member of an organization configured for SAML SSO, an error is returned.
  • If public sign-ups are enabled for the app, new users will be added to the app upon login.

Request
query Parameters
client_id
required
string

Client ID

email
required
string

User's email address

Responses
200

POST redirect to SAML IDP with a SAML request

get/v1/auth/sso/saml/start
Request samples
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/sso/saml/start?client_id=string&email=string'

Complete SAML SSO

Completes the SSO login using the SAML response received directly from the SAML IDP (via your ACS URL). If the user is authenticated and the SAML response is valid, Transmit will redirect to your redirect URI with a code that can be exchanged for a user token. If not, this API returns an error.

This should be called from the backend, using a client access token.

SecurityHTTP: bearer
Request
Request Body schema: application/json
SAMLResponse
required
string

SAML response from the SAML IDP

organization_id
required
string

Organization ID. This can be part of your app's ACS URL path.

redirect_uri
required
string

URI to redirect to upon completing the SSO login. This is the server GET endpoint used to call the token endpoint, and should accept code as a query parameter. This URI must also be configured as an allowed redirect URI for this client.

RelayState
string

RelayState returned with the SAML response (only for SP-initiated flows). It's an opaque identifier used to maintain the state of the user session.

Responses
200
post/v1/auth/sso/saml/complete
Request samples
application/json
{
  • "SAMLResponse": "string",
  • "organization_id": "string",
  • "redirect_uri": "string",
  • "RelayState": "string"
}
Response samples
application/json
{
  • "result": "string"
}