Skip to main content

Update Service Provider Configuration



This API updates an existing service provider configuration for an org using PATCH.




A list of auth org service provider configuration update operations according to the JSON Patch standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:

  1. Do not add or remove any elements in the federation protocol details in the service provider configuration.
  2. Do not modify, add, or delete the service provider details element in the federation protocol details.
  3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.
  4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.
  5. Any JIT configuration update must be valid.

Just in time configuration update must be valid when enabled. This includes:

  • A Source ID
  • Source attribute mappings
  • Source attribute maps have all the required key values (firstName, lastName, email)
  • Array [
  • op stringrequired

    Possible values: [add, remove, replace, move, copy, test]

    The operation to be performed

    path stringrequired

    A string JSON Pointer representing the target path to an element to be affected by the operation

    value object

    The value to be used for the operation, required for "add" and "replace" operations



  • ]


Auth Org Service Provider configuration updated.

    enabled boolean

    Default value: false

    This determines whether or not the SAML authentication flow is enabled for an org

    bypassIdp boolean

    Default value: false

    This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.

    samlConfigurationValid boolean

    Default value: false

    This indicates whether or not the SAML configuration is valid.

    federationProtocolDetails object[]

    A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer's identity provider and a customer's SailPoint instance (i.e., the service provider).

  • Array [
  • oneOf
    role string

    Possible values: [SAML_IDP]

    Federation protocol role

    entityId string

    An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).

    binding string

    Defines the binding used for the SAML flow. Used with IDP configurations.

    authContext string

    Specifies the SAML authentication method to use. Used with IDP configurations.

    logoutUrl string

    The IDP logout URL. Used with IDP configurations.

    includeAuthContext boolean

    Default value: false

    Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.

    nameId string

    The name id format to use. Used with IDP configurations.

    jitConfiguration object
    enabled boolean

    Default value: false

    The indicator for just-in-time provisioning enabled

    sourceId string

    the sourceId that mapped to just-in-time provisioning configuration

    sourceAttributeMappings object

    A mapping of identity profile attribute names to SAML assertion attribute names

    property name* string

    a mapping of JIT source attributes to the SAML assertion attribute

    cert string

    The Base64-encoded certificate used by the IDP. Used with IDP configurations.

    loginUrlPost string

    The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.

    loginUrlRedirect string

    The IDP Redirect URL. Used with IDP configurations.

    mappingAttribute string

    Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.

    certificateExpirationDate string

    The expiration date extracted from the certificate.

    certificateName string

    The name extracted from the certificate.

  • ]