Redeem SAML Access Code

POST

Exchanges a SAML access code for details about your user’s SAML login details.

Request

This endpoint expects an object.

samlAccessCodestringOptional

The SAML access code to redeem.

Response

emailstringOptional

The user’s email address.

statestringOptional

The state you provided when getting a SAML initiation URL, if any.

If your user logged in to your product using Identity Provider-initiated SAML (e.g. they clicked on your app inside their corporate Okta dashboard), then state will be empty.

SSOReady validates the authenticity of non-empty state values. You do not need to implement your own CSRF on top of it, but doing so anyway will have no bad consequences.

attributesmap from strings to stringsOptional

Arbitrary key-value pairs the Identity Provider included about the user.

Typically, these attributes are used to pass along the user’s first/last name, or whether they should be considered an admin within their company.

organizationIdstringOptional

The ID of the organization this user belongs to.

organizationExternalIdstringOptional

The externalId, if any, of the organization this user belongs to.

samlFlowIdstringOptional

A unique identifier of this particular SAML login. It is not a secret. You can safely log it.

SSOReady maintains an audit log of every SAML login. Use this SAML flow ID to find this login in the audit logs.

Built with

1	curl -X POST https://api.ssoready.com/v1/saml/redeem \
2	-H "Authorization: Bearer <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{
5	"samlAccessCode": "saml_access_code_..."
6	}'

1	{
2	"email": "john.doe@acme.com",
3	"organizationId": "org_7cu5hsy9vrbi5d2k1qvbh19lj",
4	"organizationExternalId": "my_custom_external_id"
5	}