Skip to main content
PUT
/
orgs
/
{org_id}
/
identity-providers
/
{provider_id}
/
default-role
cURL
curl --request PUT \
  --url https://api.timbal.ai/orgs/{org_id}/identity-providers/{provider_id}/default-role \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "role_id": 123
}'
{
  "allowed_domains": [
    "<string>"
  ],
  "client_secret_set": true,
  "created_at": 123,
  "enabled": true,
  "enforced": true,
  "id": "<string>",
  "kind": "<string>",
  "org_id": "<string>",
  "provider_key": "<string>",
  "updated_at": 123,
  "client_id": "<string>",
  "default_role_id": "<string>",
  "display_name": "<string>",
  "groups_claim": "<string>",
  "issuer": "<string>",
  "scopes": "<string>"
}

Authorizations

Authorization
string
header
required

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id
string
required
provider_id
string
required

Body

application/json

Body for the dedicated default-role endpoint. The field is required but may be null to clear the catch-all role (no separate "unset" verb needed).

role_id
integer<int64> | null

Target role id, or null to remove the catch-all (group-mapping-only). Accepts a number or a stringified id.

Response

Updated connection

Masked view of a connection. Never includes the client secret.

allowed_domains
string[]
required
client_secret_set
boolean
required

Whether a client secret is configured. The secret itself is never returned.

created_at
integer<int64>
required
enabled
boolean
required
enforced
boolean
required

Read-only here: SSO enforcement isn't configurable via the API yet.

id
string
required
kind
string
required
org_id
string
required
provider_key
string
required
updated_at
integer<int64>
required
client_id
string | null

OIDC client id. null for non-OIDC kinds.

default_role_id
string | null

Catch-all role granted to JIT members with no matching group mapping. null = no catch-all role.

display_name
string | null
groups_claim
string | null
issuer
string | null

OIDC issuer. null for non-OIDC kinds (e.g. SAML), whose connection details live in kind-specific fields added when those kinds ship.

scopes
string | null