SAML Authentication
Enterprise Single Sign-On via SAML providers. SAML login allows users who were provisioned through SAML identity providers to authenticate.
SAML Login
Authenticate a user via SAML provider. The user must have been previously provisioned with a SAML provider (provider name ends with -saml).
Endpoint: POST /uflow/user/saml/login
Request Body
{
  "email": "string",
  "client_id": "string"
}
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | User email address |
| client_id | string | Yes | Client application ID |
Response
Success (200):
{
  "access_token": "string",
  "refresh_token": "string",
  "email": "string",
  "token_type": "bearer"
}
Error Responses:
- 400 - Bad request - invalid input
- 401 - Unauthorized - SAML user not found or provider does not end with -saml
- 500 - Internal Server Error
Prerequisites
- The user must be provisioned through a SAML identity provider
- The user's provider field must end with -saml (e.g., okta-saml, azure-saml)
- A valid client_id must be provided to scope the authentication
Integration Notes
SAML authentication in AuthSec works alongside OIDC providers. While OIDC handles the interactive browser-based flow, SAML login is used for users who have been provisioned through enterprise identity providers like Okta, Azure AD (via SAML), or OneLogin.
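A client-side sketch of the SAML login call documented above, added here as an example and not taken from AuthSec's own code. It builds the request, maps the documented error statuses, and validates the 200 body before the tokens are used. The base URL, the `Content-Type` header, the HTTPS-only check, the case-insensitive email comparison, and all function and class names are assumptions.

```python
import json
import urllib.error
import urllib.request

LOGIN_PATH = "/uflow/user/saml/login"  # endpoint from this page
ERRORS = {  # status meanings as documented on this page
    400: "bad request: invalid input",
    401: "unauthorized: SAML user not found or provider does not end with -saml",
    500: "internal server error",
}
REQUIRED = {"access_token", "refresh_token", "email", "token_type"}

class SamlLoginError(Exception):  # hypothetical name
    def __init__(self, status, detail):
        super().__init__(f"{status}: {detail}")
        self.status = status

def build_request(base_url, email, client_id):
    """Build the POST; base_url is an assumed deployment URL."""
    if not email or not client_id:
        raise ValueError("email and client_id are both required")
    if not base_url.startswith("https://"):  # assumption: never send over plain HTTP
        raise ValueError("refusing to send a login request over a non-HTTPS URL")
    body = json.dumps({"email": email, "client_id": client_id}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/json"})  # assumed header

def parse_success(raw, expected_email):
    """Check the 200 body matches the documented shape before trusting it."""
    data = json.loads(raw)
    missing = REQUIRED - set(data) if isinstance(data, dict) else REQUIRED
    if missing:
        raise SamlLoginError(200, f"response missing fields: {sorted(missing)}")
    if str(data["token_type"]).lower() != "bearer":
        raise SamlLoginError(200, f"unexpected token_type {data['token_type']!r}")
    if str(data["email"]).lower() != expected_email.lower():
        raise SamlLoginError(200, "tokens issued for a different email")
    return data

def saml_login(base_url, email, client_id, opener=urllib.request.urlopen):
    """POST the login request; opener is injectable so this can be tested offline."""
    req = build_request(base_url, email, client_id)
    try:
        with opener(req, timeout=10) as resp:
            return parse_success(resp.read(), email)
    except urllib.error.HTTPError as e:
        raise SamlLoginError(e.code, ERRORS.get(e.code, "undocumented status")) from None
```

Keep the returned `access_token` and `refresh_token` out of logs and exception messages; `SamlLoginError` deliberately carries only the status and a fixed description.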