Redeem SAML Access Code | SSOReady Docs

Exchanges a SAML access code for details about your user's SAML login details.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Request

This endpoint expects an object.

samlAccessCodestringOptional

The SAML access code to redeem.

Response

emailstring

The user's email address.

statestring

The state you provided when getting a SAML initiation URL, if any.

If your user logged in to your product using Identity Provider-initiated SAML (e.g. they clicked on your app inside their corporate Okta dashboard), then state will be empty.

SSOReady validates the authenticity of non-empty state values. You do not need to implement your own CSRF on top of it, but doing so anyway will have no bad consequences.

attributesmap from strings to strings

Arbitrary key-value pairs the Identity Provider included about the user.

Typically, these attributes are used to pass along the user’s first/last name, or whether they should be considered an admin within their company.

organizationIdstring

The ID of the organization this user belongs to.

organizationExternalIdstring

The externalId, if any, of the organization this user belongs to.

samlFlowIdstring

A unique identifier of this particular SAML login. It is not a secret. You can safely log it. SSOReady maintains an audit log of every SAML login. Use this SAML flow ID to find this login in the audit logs.

1	curl -X POST https://api.ssoready.com/v1/saml/redeem \
2	-H "Authorization: Bearer <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{
5	"samlAccessCode": "saml_access_code_..."
6	}'