Update Service Provider Configuration

PATCH 
https://sailpoint.api.identitynow.com/v2025/auth-org/service-provider-config

This API updates an existing service provider configuration for an org using PATCH.

Request

application/json-patch+json

Body arrayrequired

A list of auth org service provider configuration update operations according to the JSON Patch standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:

1. Do not add or remove any elements in the federation protocol details in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid.

Just in time configuration update must be valid when enabled. This includes:

• A Source ID
• Source attribute mappings
• Source attribute maps have all the required key values (firstName, lastName, email)

Array [
opstringrequired
The operation to be performed
Possible values: [add, remove, replace, move, copy, test]
Example: replace
pathstringrequired
A string JSON Pointer representing the target path to an element to be affected by the operation
Example: /description
value object
The value to be used for the operation, required for "add" and "replace" operations
oneOf
string
string
Example: New description
boolean
boolean
Example: true
integer
integer
Example: 300
object
object
Example: {"attributes":{"name":"philip"}}
array
Array [
anyOf
MOD1
string
MOD2
integer
MOD3
object
]
]

Responses

200

Auth Org Service Provider configuration updated.

application/json

Schema

Schema

enabledboolean
This determines whether or not the SAML authentication flow is enabled for an org
Default value: false
Example: true
bypassIdpboolean
This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.
Default value: false
Example: true
samlConfigurationValidboolean
This indicates whether or not the SAML configuration is valid.
Default value: false
Example: true
federationProtocolDetails object[]
A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer's identity provider and a customer's SailPoint instance (i.e., the service provider).
Array [
anyOf
MOD1
rolestring
Federation protocol role
Possible values: [SAML_IDP, SAML_SP]
Example: SAML_IDP
entityIdstring
An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
Example: http://www.okta.com/exkdaruy8Ln5Ry7C54x6
bindingstring
Defines the binding used for the SAML flow. Used with IDP configurations.
Example: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
authnContextstring
Specifies the SAML authentication method to use. Used with IDP configurations.
Example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
logoutUrlstring
The IDP logout URL. Used with IDP configurations.
Example: https://dev-206445.oktapreview.com/login/signout
includeAuthnContextboolean
Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
Default value: false
Example: false
nameIdstring
The name id format to use. Used with IDP configurations.
Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
jitConfiguration object
enabledboolean
The indicator for just-in-time provisioning enabled
Default value: false
Example: false
sourceIdstring
the sourceId that mapped to just-in-time provisioning configuration
Example: 2c9180857377ed2901739c12a2da5ac8
sourceAttributeMappings object
A mapping of identity profile attribute names to SAML assertion attribute names
property name*string
a mapping of JIT source attributes to the SAML assertion attribute
certstring
The Base64-encoded certificate used by the IDP. Used with IDP configurations.
Example: -----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----
loginUrlPoststring
The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.
Example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml
loginUrlRedirectstring
The IDP Redirect URL. Used with IDP configurations.
Example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml
mappingAttributestringrequired
Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.
Example: email
certificateExpirationDatestring
The expiration date extracted from the certificate.
Example: Fri Mar 08 08:54:24 UTC 2013
certificateNamestring
The name extracted from the certificate.
Example: OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL
MOD2
rolestring
Federation protocol role
Possible values: [SAML_IDP, SAML_SP]
Example: SAML_IDP
entityIdstring
An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
Example: http://www.okta.com/exkdaruy8Ln5Ry7C54x6
aliasstring
Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
Example: acme-sp
callbackUrlstringrequired
The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
Example: https://stradbroke-sso.identitysoon.com/sso/Consumer/metaAlias/cdov-saml/sp
legacyAcsUrlstring
The legacy ACS URL used for SAML authentication. Used with SP configurations.
Example: https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp
]

Example (auto)

{
  "enabled": true,
  "bypassIdp": true,
  "samlConfigurationValid": true,
  "federationProtocolDetails": [
    {
      "role": "SAML_IDP",
      "entityId": "http://www.okta.com/exktq4o24bmQA4fr60h7",
      "cert": "MIIDpDCCAoygAwIBAgIGAYhZ+b29MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0yMDY0NDUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjMwNTI2MjEzMDU5WhcNMzMwNTI2MjEzMTU5WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMjA2NDQ1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvi1+WbF2ceGlLCrLl5PrG1lpj04IsrHX6OE666ObC2WFh+Nxvpxy+Vmzon9c9+akhK3bTv+9ifEoVc6tA1qWuCfXISAn9g81JqI68I1PGUbe6eF8pmOA18rjOrt7x94k4QukpR3+I8DfPJ+TynatltB51laLb8H4jchMafA4rDTjV/ZiYPxV0LMEIbprVyGuvBEhiEWha3wwVdDuJq996okX36YNS8PcGH+5CJ8c3YWZp/wrspgJmfCooMXeV+6zBpZfXqPpMWlUo0gcZqDOFgy3r4vkXehJdVYRlInMfDv04Lvy8VI1YAZClG/duO/6o9YVUFLjD9s+mQfhgaF5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1CTrA/pTHkarbhMHsdSFAjVoYWwdAfrssG99rIjwwr/CW9tavTC3keaoUmUeddcnLY4V/TfL07+xgQGHCBR88cnzG9h6rC9qWxt6C3nug3YDVQfkdCDgnW9A8QEvLeq/KVLoRccpJNEENb2Y5ESUXHi1+PtjkFBtvfSgZ4eEhVggirL0bJdWVm700hCnjb2iCGSbSX7WflfPi0GSmjht983caG9OwZDnDzNFt8qGWCxo4bNSThT00JnWEN/6f1BWNOt9YDrxqEyNclqhLL+RDqFsPBFIrQlsoXzqpWqCL8oS9UMNxbGATK2v3d5ueE9+SswBAFBhirCuqZw19Ri2W",
      "loginUrlPost": "https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml",
      "loginUrlRedirect": "https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml",
      "logoutUrl": "https://dev-206445.oktapreview.com/login/signout",
      "nameId": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
      "authnContext": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
      "includeAuthnContext": true,
      "mappingAttribute": "email",
      "jitConfiguration": {
        "enabled": true,
        "sourceId": "2c9180897427f3a501745042afc83144",
        "sourceAttributeMappings": {
          "firstName": "okta.firstName",
          "lastName": "okta.lastName",
          "email": "okta.email"
        }
      },
      "certificateExpirationDate": "Thu May 26 21:31:59 GMT 2033",
      "certificateName": "EMAILADDRESS=info@okta.com, CN=dev-206445, OU=SSOProvider, O=Okta, L=San Francisco, ST=California, C=US"
    },
    {
      "role": "SAML_SP",
      "entityId": "https://acme.identitysoon.com/sp",
      "alias": "acme-sp",
      "callbackUrl": "https://acme.test-login.sailpoint.com/saml/SSO/alias/acme-sp",
      "legacyAcsUrl": "https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp"
    }
  ]
}

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

400.1 Bad Request Content

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en",
      "localeOrigin": "REQUEST",
      "text": "firstName is required; accountName is required;"
    }
  ]
}

400.1.3 Illegal value

{
  "detailCode": "400.1.3 Illegal value",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en",
      "localeOrigin": "REQUEST",
      "text": "JIT source id is invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

404

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

404

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "https://sailpoint.api.identitynow.com/v2025/auth-org/service-provider-config"
  method := "PATCH"

  payload := strings.NewReader(`[
  {
    "op": "replace",
    "path": "/description",
    "value": "New description"
  }
]`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json-patch+json")
  req.Header.Add("Accept", "application/json")
  req.Header.Add("Authorization", "Bearer <TOKEN>")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/v2025

Auth

Bearer Token

Body required

• Example (from schema)
• Example

[
  {
    "op": "replace",
    "path": "/description",
    "value": "New description"
  }
]

ResponseClear

Click the Send API Request button above and see the response here!