For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Login
    • Introduction
  • SAML (Enterprise SSO)
    • SAML Quickstart
    • SAML: A technical primer
    • Integrating SAML with your Login UI
    • Handling SAML Logins + JIT Provisioning
  • SCIM (Enterprise Directory Sync)
    • SCIM Quickstart
  • SDKs
    • TypeScript SDK
    • Python SDK
    • Go SDK
    • Java SDK
    • C# SDK
    • Ruby SDK
    • PHP SDK
  • SAML-over-OAuth
    • SAML over OAuth (SAML NextAuth.js integration)
    • SAML for Firebase
  • IDP configuration
    • Enabling self-service configuration for your customers
  • SSOReady concepts
    • Overview
    • Environments
    • Organizations
    • SAML Connections
    • SAML Login Flows
    • SCIM Directories
    • SCIM Users
    • SCIM Groups
    • SCIM Request Logs
  • Management API
    • Management API
  • DummyIDP
    • Testing SAML/SCIM with DummyIDP
  • Self-Hosting
    • Self-Hosting SSOReady
  • API Reference
      • POSTRedeem SAML Access Code
      • POSTGet SAML Redirect Url
Login
Logo
API ReferenceSAML

Redeem SAML Access Code

POST
https://api.ssoready.com/v1/saml/redeem
POST
/v1/saml/redeem
$curl -X POST https://api.ssoready.com/v1/saml/redeem \
>     -H "Authorization: Bearer <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "samlAccessCode": "saml_access_code_..."
>}'
200Successful
1{
2  "email": "john.doe@acme.com",
3  "organizationId": "org_7cu5hsy9vrbi5d2k1qvbh19lj",
4  "organizationExternalId": "my_custom_external_id"
5}
Exchanges a SAML access code for details about your user's SAML login details.
Was this page helpful?
Previous

Get SAML Redirect Url

Next
Built with

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Request

This endpoint expects an object.
samlAccessCodestringOptional
The SAML access code to redeem.

Response

OK
emailstring
The user's email address.
statestring

The state you provided when getting a SAML initiation URL, if any.

If your user logged in to your product using Identity Provider-initiated SAML (e.g. they clicked on your app inside their corporate Okta dashboard), then state will be empty.

SSOReady validates the authenticity of non-empty state values. You do not need to implement your own CSRF on top of it, but doing so anyway will have no bad consequences.

attributesmap from strings to strings

Arbitrary key-value pairs the Identity Provider included about the user.

Typically, these attributes are used to pass along the user’s first/last name, or whether they should be considered an admin within their company.

organizationIdstring
The ID of the organization this user belongs to.
organizationExternalIdstring

The externalId, if any, of the organization this user belongs to.

samlFlowIdstring
A unique identifier of this particular SAML login. It is not a secret. You can safely log it. SSOReady maintains an audit log of every SAML login. Use this SAML flow ID to find this login in the audit logs.