Skip to main content
PATCH
/
orgs
/
{org_id}
/
identity-providers
/
{provider_id}
cURL
curl --request PATCH \
  --url https://api.timbal.ai/orgs/{org_id}/identity-providers/{provider_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "allowed_domains": [
    "<string>"
  ],
  "client_id": "<string>",
  "client_secret": "<string>",
  "display_name": "<string>",
  "enabled": true,
  "groups_claim": "<string>",
  "issuer": "<string>",
  "scopes": "<string>"
}
'
{
  "allowed_domains": [
    "<string>"
  ],
  "client_secret_set": true,
  "created_at": 123,
  "enabled": true,
  "enforced": true,
  "id": "<string>",
  "kind": "<string>",
  "org_id": "<string>",
  "provider_key": "<string>",
  "updated_at": 123,
  "client_id": "<string>",
  "default_role_id": "<string>",
  "display_name": "<string>",
  "groups_claim": "<string>",
  "issuer": "<string>",
  "scopes": "<string>"
}

Authorizations

Authorization
string
header
required

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id
string
required
provider_id
string
required

Body

application/json

Update a connection. All fields optional; absent = unchanged. client_secret is write-only — supply it only to rotate.

allowed_domains
string[] | null
client_id
string | null
client_secret
string | null
display_name
string | null
enabled
boolean | null
groups_claim
string | null
issuer
string | null
scopes
string | null

Response

Updated connection

Masked view of a connection. Never includes the client secret.

allowed_domains
string[]
required
client_secret_set
boolean
required

Whether a client secret is configured. The secret itself is never returned.

created_at
integer<int64>
required
enabled
boolean
required
enforced
boolean
required

Read-only here: SSO enforcement isn't configurable via the API yet.

id
string
required
kind
string
required
org_id
string
required
provider_key
string
required
updated_at
integer<int64>
required
client_id
string | null

OIDC client id. null for non-OIDC kinds.

default_role_id
string | null

Catch-all role granted to JIT members with no matching group mapping. null = no catch-all role.

display_name
string | null
groups_claim
string | null
issuer
string | null

OIDC issuer. null for non-OIDC kinds (e.g. SAML), whose connection details live in kind-specific fields added when those kinds ship.

scopes
string | null