# Save Single Sign-On

Endpoint: POST /rest/2.0/SINGLE_SIGN_ON
Version: 1.0
Security: JWT

## Header parameters:

- `sessionId` (string, required)

## Request fields (application/json; charset=utf-8):

- `brmObjects` (object)
- `brmObjects.IdpCertificateFileName` (string) IDP Certificate File Name
- `brmObjects.CreatedUserId` (string) System controlled field: Id of the user that created the record
- `brmObjects.Created` (string) System controlled field: Date and time the record was created
- `brmObjects.SSOStandard` (string) SSO Standard
- `brmObjects.IdpLoginUrl` (string, required) Login URI: URL for the IDP login page used to redirect on session time-out.
- `brmObjects.SamlUserIdLocation` (string, required) SAML User Id Location: Specify the location of the User ID in the SAML request posted to the Identity Provider. It can be located either in the NameIdentifier element of the Subject statement or in an Attribute element.
- `brmObjects.SSOConfiguration` (string) SSO Configuration
- `brmObjects.SSOConfigurationFileName` (string) SSO Configuration File Name
- `brmObjects.ClientId` (string) Client Id
- `brmObjects.SSOname` (string, required) Single Sign-On Name: Single Sign On Name
- `brmObjects.IdpLogoutUrl` (string) Logout URI: URL of the Identity Provider logout page where the user will be redirected upon clicking Logout.
- `brmObjects.SamlEnabled` (integer) Enabled: Select this box to enable SAML Authentication. This will bypass your default authentication method, delegating it to your Identity Provider.
- `brmObjects.SpInitRequestType` (string) SP Initiated Request Type: Specify what method to use in an authentication request from your Billing Organization to the Identity Provider. It can be either HTTP POST or HTTP Redirect.
- `brmObjects.IdpCertificate` (string, required) IDP Certificate: Upload the Identity Provider Certificate from your IDP Software application.
- `brmObjects.Scopes` (string) Scopes
- `brmObjects.EnableMultiAccountMapping` (integer) Enable Multi-Account Mapping: Select this box to enable mapping of multiple accounts to a single user that is provisioned during SSO authentication using this Single Sign-On profile.
- `brmObjects.Issuer` (string, required) Issuer URI: The issuer URL. This is the URL used to send SAML authentication requests to the Identity Provider.
- `brmObjects.UserProvisioningEnabled` (integer) Enable User Provisioning
- `brmObjects.UpdatedUserId` (string) System controlled field: Id of the last user that updated the record
- `brmObjects.Updated` (string) System controlled field: Date and time the record was last updated
- `brmObjects.Description` (string) Single Sign-On Description: Identify the users of this Single Sign On configuration to help a user select the correct Identity Provider on the sign-in page (e.g., All employee access)
- `brmObjects.EntityId` (string) Entity id: Get this value from your service provider.
- `brmObjects.StartUrl` (string) Start URI: Directs users to a specific location when they run the application. This can be an absolute URL, such as https://na1.salesforce.com/001/o, or it can be the link for the application name, such as https://customer.goodApp.com for GoodApp.
- `brmObjects.SamlVersion` (string) Saml Version
- `brmObjects.RefreshRoleOnSubsequentLoginsEnabled` (integer) Refresh Role On Subsequent Logins: When enabled, an update to the user's application role in the SSO server will be reflected in BP the moment the user logs into BP. If disabled, the application role will only be set on the initial login (backward compatibility option).
- `brmObjects.CreatorId` (string) API User
- `brmObjects.SamlUserIdType` (string) SAML User Id Type: Specify the format of the User ID that is expected by your Identity Provider. It can be either a username or the Federation ID from the User object.
- `brmObjects.AttributeName` (string) Attribute Name: If the User Id is contained in an attribute node of the SAML assertion, specify the Name of the Attribute here.
- `brmObjects.RoleNameMappingField` (string) RoleName Mapping Field
- `brmObjects.UserNameMappingField` (string) UserName Mapping Field
- `brmObjects.Id` (string, required) Id: Single Sign On ID
- `brmObjects.SSORoleGroup` (string) SSO Role

## Response 200 fields (application/json):

- `retrieveResponse` (object)
- `retrieveResponse.IdpCertificateFileName` (string) IDP Certificate File Name
- `retrieveResponse.CreatedUserId` (string) System controlled field: Id of the user that created the record
- `retrieveResponse.Created` (string) System controlled field: Date and time the record was created
- `retrieveResponse.SSOStandard` (string) SSO Standard
- `retrieveResponse.IdpLoginUrl` (string) Login URI: URL for the IDP login page used to redirect on session time-out.
- `retrieveResponse.SamlUserIdLocation` (string) SAML User Id Location: Specify the location of the User ID in the SAML request posted to the Identity Provider. It can be located either in the NameIdentifier element of the Subject statement or in an Attribute element.
- `retrieveResponse.SSOConfiguration` (string) SSO Configuration
- `retrieveResponse.SSOConfigurationFileName` (string) SSO Configuration File Name
- `retrieveResponse.ClientId` (string) Client Id
- `retrieveResponse.SSOname` (string) Single Sign-On Name: Single Sign On Name
- `retrieveResponse.IdpLogoutUrl` (string) Logout URI: URL of the Identity Provider logout page where the user will be redirected upon clicking Logout.
- `retrieveResponse.SamlEnabled` (integer) Enabled: Select this box to enable SAML Authentication. This will bypass your default authentication method, delegating it to your Identity Provider.
- `retrieveResponse.SpInitRequestType` (string) SP Initiated Request Type: Specify what method to use in an authentication request from your Billing Organization to the Identity Provider. It can be either HTTP POST or HTTP Redirect.
- `retrieveResponse.IdpCertificate` (string) IDP Certificate: Upload the Identity Provider Certificate from your IDP Software application.
- `retrieveResponse.Scopes` (string) Scopes
- `retrieveResponse.EnableMultiAccountMapping` (integer) Enable Multi-Account Mapping: Select this box to enable mapping of multiple accounts to a single user that is provisioned during SSO authentication using this Single Sign-On profile.
- `retrieveResponse.Issuer` (string) Issuer URI: The issuer URL. This is the URL used to send SAML authentication requests to the Identity Provider.
- `retrieveResponse.UserProvisioningEnabled` (integer) Enable User Provisioning
- `retrieveResponse.UpdatedUserId` (string) System controlled field: Id of the last user that updated the record
- `retrieveResponse.Updated` (string) System controlled field: Date and time the record was last updated
- `retrieveResponse.Description` (string) Single Sign-On Description: Identify the users of this Single Sign On configuration to help a user select the correct Identity Provider on the sign-in page (e.g., All employee access)
- `retrieveResponse.EntityId` (string) Entity id: Get this value from your service provider.
- `retrieveResponse.StartUrl` (string) Start URI: Directs users to a specific location when they run the application. This can be an absolute URL, such as https://na1.salesforce.com/001/o, or it can be the link for the application name, such as https://customer.goodApp.com for GoodApp.
- `retrieveResponse.SamlVersion` (string) Saml Version
- `retrieveResponse.RefreshRoleOnSubsequentLoginsEnabled` (integer) Refresh Role On Subsequent Logins: When enabled, an update to the user's application role in the SSO server will be reflected in BP the moment the user logs into BP. If disabled, the application role will only be set on the initial login (backward compatibility option).
- `retrieveResponse.CreatorId` (string) API User
- `retrieveResponse.SamlUserIdType` (string) SAML User Id Type: Specify the format of the User ID that is expected by your Identity Provider. It can be either a username or the Federation ID from the User object.
- `retrieveResponse.AttributeName` (string) Attribute Name: If the User Id is contained in an attribute node of the SAML assertion, specify the Name of the Attribute here.
- `retrieveResponse.RoleNameMappingField` (string) RoleName Mapping Field
- `retrieveResponse.UserNameMappingField` (string) UserName Mapping Field
- `retrieveResponse.Id` (string) Id: Single Sign On ID
- `retrieveResponse.SSORoleGroup` (string) SSO Role

## Response 400 fields (application/json):

- `error` (string) Bad request
- `message` (string) Bad request

## Response 401 fields (application/json):

- `error` (string) Unauthorized
- `message` (string) Unauthorized

## Response 404 fields (application/json):

- `error` (string) Not found
- `message` (string) Not found

## Response 429 fields (application/json):

- `error` (string) Too many requests
- `message` (string) Too many requests

## Response 500 fields (application/json):

- `error` (string) Internal error
- `message` (string) Internal error
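
A pre-flight check for the request body documented above, written as an added example (it is not part of the original reference or the vendor's code). The function names are hypothetical, the sample values are constructed, and two rules are assumptions the page does not state: the login and logout redirect URLs must be absolute HTTPS URLs, and system controlled fields are rejected rather than sent.

```python
import json
from urllib.parse import urlsplit

ENDPOINT = "/rest/2.0/SINGLE_SIGN_ON"  # path from the page; the host is deployment-specific
REQUIRED = {"IdpLoginUrl", "SamlUserIdLocation", "SSOname", "IdpCertificate", "Issuer", "Id"}
SYSTEM_CONTROLLED = {"CreatedUserId", "Created", "UpdatedUserId", "Updated"}
INTEGER_FLAGS = {"SamlEnabled", "EnableMultiAccountMapping", "UserProvisioningEnabled",
                 "RefreshRoleOnSubsequentLoginsEnabled"}
# Assumption: browser redirect targets should be HTTPS; the page does not require it.
HTTPS_URLS = {"IdpLoginUrl", "IdpLogoutUrl"}


def check_sso_profile(profile):
    """Return a list of problems found in a brmObjects dict (empty list means OK)."""
    problems = []
    present = set(profile)
    for name in sorted(REQUIRED):
        if not str(profile.get(name, "")).strip():
            problems.append(f"{name}: required field is missing or empty")
    for name in sorted(SYSTEM_CONTROLLED & present):
        problems.append(f"{name}: system controlled, do not send")
    for name in sorted(INTEGER_FLAGS & present):
        value = profile[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{name}: documented as integer, got {type(value).__name__}")
    for name in sorted(HTTPS_URLS & present):
        parts = urlsplit(str(profile[name]))
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{name}: expected an absolute https URL")
    return problems


def build_request(session_id, profile):
    """Validate the profile, then return (path, headers, body) for the POST."""
    problems = check_sso_profile(profile)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"sessionId": session_id,
               "Content-Type": "application/json; charset=utf-8"}
    return ENDPOINT, headers, json.dumps({"brmObjects": profile})


# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "Id": "1001", "SSOname": "Corp IdP", "Issuer": "https://idp.example.test/saml",
    "IdpLoginUrl": "https://idp.example.test/login",
    "SamlUserIdLocation": "<value accepted by your instance>",
    "IdpCertificate": "<certificate content>", "SamlEnabled": 1,
}
```
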