Default Role
Set or clear the SSO connection’s default just-in-time role.
Authorizations
Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.
Body
Body for the dedicated default-role endpoint. The field is required but may
be null to clear the catch-all role (no separate "unset" verb needed).
Target role id, or null to remove the catch-all (group-mapping-only).
Accepts a number or a stringified id.
Response
Updated connection
Masked view of a connection. Never includes the client secret.
Whether a client secret is configured. The secret itself is never returned.
Read-only here: SSO enforcement isn't configurable via the API yet.
OIDC client id. null for non-OIDC kinds.
Catch-all role granted to JIT members with no matching group mapping.
null = no catch-all role.
OIDC issuer. null for non-OIDC kinds (e.g. SAML), whose connection
details live in kind-specific fields added when those kinds ship.