Skip to main content
Back to API List APIs to manage an account’s SSO configurations.
These APIs support SAML, WSFED, and OIDC protocols.
Available APIs:

Fetch the SSO Meta API

If SSO is enabled, returns the existing SSO configuration along with the URLs. If SSO is disabled, returns only the URLs.
PropertyValue
MethodGET
Endpointhttps://{{host}}/api/public/bot/{{BotID}}/ssoconfig
Content Typeapplication/json
Authorizationauth: {{JWT}} — See How to generate the JWT Token.
API ScopeApp Builder: Not Applicable; Admin Console: User Management > SSO Configuration

Query Parameters

ParameterDescriptionRequired
hostThe environment URL. For example, https://platform.kore.aiRequired
BotIdBot ID or Stream ID. You can access it by navigating to App SettingsApp Profile in the app builder.Required
SSOProtocolThe SSO protocol value.Required

Sample Request

curl --location --request GET \
'https://{{host}}/api/public/ssoconfig?SSOProtocol=saml' \
--header 'auth: {jwt-token}' \
--header 'bot-language: {language-code}' \
--header 'Content-Type: application/json' \
--data ''

Headers Parameters

HeaderDescriptionRequired/Optional
authJWT token for authentication.required
bot-languageThe language code used to specify the bot language for the request.optional

Sample Response (If SSO is enabled)

{
    "ACS_IDP_URL": "https://{{host}}/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
    "ACS_SP_CallBack_URL": "https://{{callback_url}}/authorize/callback",
    "ssoConfig": {
        "method": "saml",
        "allusers": false,
        "ssoProvider": "okta",
        "autoOnboarding": {
            "restrict": true
        },
        "modifiedDate": "2026-02-26T07:29:05.798Z",
        "modifiedBy": {
            "userId": "u-d705dfbb-6300-55e3-bdad-ad85bb4xxxxx",
            "firstName": "test",
            "lastName": "test"
        },
        "skip2faVerification": {
            "idp": true,
            "sp": true
        },
        "config": {
            "cert": [
                "{{certificate ID}}
            ],
            "entryPoint": "https://{{host}}/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
            "issuer": "http://www.okta.com/exk103k28zn7qYYxxxxx",
            "disableRequestedAuthnContext": false
        },
        "samlAttributeMapping": {
            "fullSynchronization": "enabled",
            "status": "active",
            "attributeMapping": [
                {
                    "samlAttributeName": "role",
                    "samlAttributeValue": "Admin",
                    "attributeType": "Role",
                    "koreAttribute": "isDeveloper"
                }
            ]
        }
    }
}

Response Parameters

If SSO is enabled, the API returns the following:
PARAMETERDATA TYPEDESCRIPTION
ACS IDP URLStringACS URL for IDP Initiated SAML Flow.
ACS SP CallBack URLStringThe endpoint on the Service Provider (SP) that receives the SAML response from the Identity Provider (IdP) after successful user authentication.
ssoConfigObjectContainer for all SAML SSO configuration settings.
ssoConfig.methodstringSSO method configured between the Service Provider (SP) and the Identity Provider (IdP) to exchange authentication requests and responses. Value is saml.
ssoConfig.allusersbooleanIndicates whether SSO applies to all users in the workspace.
ssoConfig.ssoProviderStringSupported SAML-compatible Identity Providers include:
Okta
Others
OneLogin
Bitium
ssoConfig.autoOnboardingobjectConfiguration controlling automatic user onboarding behavior.
ssoConfig.autoOnboarding.restrictbooleanWhen enabled, prevents automatic onboarding of users during first-time login.
ssoConfig.modifiedDateDateThe date when the SSO configuration was modified in YYYY-MM-DD format, and Time in HH:MM:SS format.
ssoConfig.modifiedByobjectDetails of the user who last modified the configuration.
ssoConfig.modifiedBy.userIdstringUnique identifier of the user who modified the configuration.
ssoConfig.modifiedBy.firstNamestringFirst name of the modifying user.
ssoConfig.modifiedBy.lastNamestringLast name of the modifying user.
ssoConfig.skip2faVerificationObjectConfiguration to skip 2FA verification during first-time login.
ssoConfig.skip2faVerification.idpbooleanIf enabled, skips 2FA enforcement at the identity provider during first-time SAML authentication.
ssoConfig.skip2faVerification.spbooleanIf enabled, skips 2FA enforcement at the service provider during first-time login.
ssoConfig.config.certStringThe SSO certificate.

Note:
This field is an array.
The Maximum number of values supported is two.
ssoConfig.config.entryPointStringThe URL of the SSO entry point.
ssoConfig.config.IssuerStringThe URL of the SSO issuer.
ssoConfig.config.disableRequestedAuthnContextbooleanDetermines whether the SP omits the RequestedAuthnContext element in authentication requests.
ssoConfig.samlAttributeMappingobjectMapping rules between SAML attributes and application user attributes.
ssoConfig.samlAttributeMapping.fullSynchronizationstringIndicates whether full attribute synchronization is enabled (enabled / disabled).
ssoConfig.samlAttributeMapping.statusstringCurrent status of attribute mapping (for example, active).
ssoConfig.samlAttributeMapping.attributeMappingArray of objectsList of SAML-to-application attribute mapping rules.
ssoConfig.samlAttributeMapping.attributeMapping.samlAttributeNameStringName of the attribute received from the SAML assertion.
ssoConfig.samlAttributeMapping.attributeMapping.samlAttributeValueStringExpected value of the SAML attribute.
ssoConfig.samlAttributeMapping.attributeMapping.attributeTypestringType of application attribute being mapped, for example, Role.
ssoConfig.samlAttributeMapping.attributeMapping.koreAttributestringCorresponding application-specific attribute to be set.

Sample Response (SSO disabled)

{
    "ACS_IDP_URL": "https://sit-xx.xxxx.ai/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2xxxxx&redirect_url=https%3A%2F%2Fsit-xo.kore.ai%2Fbuilder%2F%3Fquery%3D1",
    "ACS_SP_CallBack_URL": "https://sit-xxxx-idp.xxxx.ai:4xx/authorize/callback"
}

Response Parameters

PARAMETERDATA TYPEDESCRIPTION
ACS IDP URLStringACS URL for IDP Initiated SAML Flow.
ACS SP CallBack URLStringACS URL for SP Initiated SAML Flow.

Enable SSO API

Enables the SSO configuration for an account.
PropertyValue
MethodPOST
Endpointhttps://{{host}}/api/public/bot/{{BotID}}/ssoconfig
Content Typeapplication/json
Authorizationauth: {{JWT}} — See How to generate the JWT Token.
API ScopeApp Builder: Not Applicable; Admin Console: User Management > SSO Configuration

Path Parameters

ParameterDescriptionRequired
hostThe environment URL. For example, https://platform.kore.aiRequired
BotIdBot ID or Stream ID. You can access it by navigating to App SettingsApp Profile in the App Builder.Required

Sample Request

curl --location 'https://{{host}}/api/public/ssoconfig' \
--header 'auth: <jwt_token>' \
--header 'bot-language: {language-code}' \
--header 'Content-Type: application/json' \
--data '{
    "SSO_Authentication": "enable",
    "SSOProtocol": "saml",
    "SAML_IdentityProvider": "okta",
    "SingleSignOnURL": "https://example.com/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
    "IssuerURL": "http://www.okta.com/exk103k28zn7qYYxxxxx",
    "Certificate": [
        "{{certificate_Id}}"
    ],
    "autoOnboarding": {
      "restrict": true
    },
   "skip2faVerification" : {
     "idp": true,
     "sp": true
   },
    "SAMLAttributeMapping": true,
    "SyncBehaviour": "Synchronize_UpdateExisting",
    "AttributeMapping": [
        {
            "SAMLAttribute_Name": "role",
            "SAMLAttribute_Value": "Admin",
            "Attribute_Type": "Role",
            "Kore_Attribute": "isDeveloper"
        }
    ]
}'

Body Parameters

PARAMETERDATA TYPEDESCRIPTIONREQUIRED/OPTIONAL
SSO AuthenticationStringThis parameter enables the overall configuration.Required
SSO ProtocolStringThis parameter indicates the SSO protocol the admin wants to enable for the account. For example, saml.Required
SAML Identity ProviderStringThis parameter defines the SAML Identity provider the admin is using to enable the SSO. For example, okta.Required
Single SignOn URLStringThe SSO URL for the account.Required
Issuer URLDateThe URL of the SSO issuer.Required
certificate StringThe SSO certificate.

Note:
This field is an array.
The Maximum number of values supported is two.		Required
autoOnboardingobjectConfiguration controlling automatic user onboarding behavior.Optional
autoOnboarding.restrictbooleanWhen enabled, prevents automatic onboarding of users during first-time login.Optional
skip2faVerificationobjectConfiguration to skip 2FA verification during first-time login.Optional
skip2faVerification.idpbooleanIf enabled, skips 2FA enforcement at the identity provider during first-time SAML authentication.Optional
skip2faVerification.spbooleanIf enabled, skips 2FA enforcement at the service provider during first-time login.Optional
SAML Attribute MappingBooleanIf enabled (true), SAML attribute mapping is done based on the sync behavior.Optional. If the parameter is not defined in the request body, the default value is Disabled (False).
Sync BehaviourStringIncludes one of the following values:
Synchronize_UpdateExisting: Synchronize by updating the existing SSO configuration.
AddNew_RetainExisting: Add a new SSO configuration by retaining the existing values.		Required if the SAMLAttributeMapping parameter is enabled.
Attribute MappingArray of Objects.List of SAML-to-application attribute mapping rules.Required
Attribute Mapping.samlAttributeNamestringName of the attribute received from the SAML assertion.Required
Attribute Mapping.samlAttributeValuestringExpected value of the SAML attribute.Required
Attribute Mapping.attributeTypestringType of application attribute being mapped (for example, Role).Required
Attribute Mapping.koreAttributestringCorresponding application-specific attribute to be set.Required

Sample Response

{
    "method": "saml",
    "name": "john.doe@example.com",
    "allusers": false,
    "ssoProvider": "okta",
    "autoOnboarding": {
        "restrict": true
    },
    "modifiedDate": "2026-02-27T07:33:45.509Z",
    "modifiedBy": "u-d705dfbb-6300-55e3-bdad-ad85bb4xxxxx,
    "skip2faVerification": {
        "idp": true,
        "sp": true
    },
    "config": {
        "cert": [
            "{{certificate_Id}}"
        ],
        "entryPoint": "https://example.com/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
        "issuer": "http://www.okta.com/exk103k28zn7qYYxxxxx",
        "disableRequestedAuthnContext": false
    },
    "samlAttributeMapping": {
        "fullSynchronization": "enabled",
        "status": "active",
        "attributeMapping": [
            {
                "samlAttributeName": "role",
                "samlAttributeValue": "Admin",
                "attributeType": "Role",
                "koreAttribute": "isDeveloper"
            }
        ]
    },
    "providername": "okta",
    "ACS_IDP_URL": "https://example.com/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
    "ACS_SP_CallBack_URL": "https://example.com:443/authorize/callback",
    "message": "SSO Configuration created successfully"
}

Disable SSO API

Disables the SSO configuration for an account.
PropertyValue
MethodDELETE
Endpointhttps://{{host}}/API/public/ssoconfig
Content Typeapplication/json
Authorizationauth: {{JWT}} — See How to generate the JWT Token.
API ScopeApp Builder: Not Applicable; Admin Console: User Management > SSO Configuration

Path Parameters

ParameterDescriptionRequired
hostThe environment URL. For example, https://platform.kore.aiRequired

Sample Request

curl --location --request DELETE 'https://{{host}}/api/public/ssoconfig' \
     --header 'auth: {jwt-token}' \
     --header 'bot-language: {language-code}' \
     --header 'Content-Type: application/json' \
--data ''

Body Parameters

No body parameters.

Sample Response

{
   "message": "SSO Configuration disabled"
}

Update SSO API

Updates the SSO configuration for an account.
PropertyValue
MethodPOST
Endpointhttps://{host}/API/public/ssoconfig
Content Typeapplication/json
Authorizationauth: {{JWT}} — See How to generate the JWT Token.
API ScopeApp Builder: Not Applicable; Admin Console: User Management > SSO Configuration

Path Parameters

ParameterDescriptionRequired
hostThe environment URL. For example, https://platform.kore.aiRequired

Sample Request

curl --location 'https://{{host}}/api/public/ssoconfig' \
--header 'auth: {{jwt_token}}' \
--header 'bot-language: {language-code}' \
--header 'Content-Type: application/json' \
--data '{
    "SSO_Authentication": "enable",
    "SSOProtocol": "saml",
    "SAML_IdentityProvider": "okta",
    "SingleSignOnURL": "{{SingleSignOnURL}}",
    "IssuerURL": "http://www.okta.com/exk103k28zn7qYYxxxxx",
    "Certificate": [
        "{{certificate_Id}}"
    ],
    "autoOnboarding": {
      "restrict": true
    },
   "skip2faVerification" : {
     "idp": true,
     "sp": true
   },
    "SAMLAttributeMapping": true,
    "SyncBehaviour": "Synchronize_UpdateExisting",
    "AttributeMapping": [
        {
            "SAMLAttribute_Name": "role",
            "SAMLAttribute_Value": "Admin",
            "Attribute_Type": "Role",
            "Kore_Attribute": "isDeveloper"
        }
    ]
}'

Body Parameters

PARAMETERDATA TYPEDESCRIPTIONREQUIRED/OPTIONAL
SSO AuthenticationStringThis parameter enables the overall configuration.Required
SSO ProtocolStringThis parameter indicates the SSO protocol the admin wants to enable for the account. For example, saml.Required
SAML Identity ProviderStringThis parameter defines the SAML Identity provider the admin is using to enable the SSO. For example, okta.Required
Single SignOn URLStringThe SSO URL for the account.Required
Issuer URLDateThe URL of the SSO issuer.Required
certificateStringThe SSO certificate.

Note:
This field is an array.
The Maximum number of values supported is two.		Required
autoOnboardingobjectConfiguration controlling automatic user onboarding behavior.Optional
autoOnboarding.restrictbooleanWhen enabled, prevents automatic onboarding of users during first-time login.Optional
skip2faVerificationobjectConfiguration to skip 2FA verification during first-time login.Optional
skip2faVerification.idpbooleanIf enabled, skips 2FA enforcement at the identity provider during first-time SAML authentication.Optional
skip2faVerification.spbooleanIf enabled, skips 2FA enforcement at the service provider during first-time login.Optional
SAML Attribute MappingBooleanIf enabled (true), SAML attribute mapping is done based on the sync behavior.Optional. If the parameter is not defined in the request body, the default value is Disabled (False).
Sync BehaviourStringIncludes one of the following values:
Synchronize_UpdateExisting: Synchronize by updating the existing SSO configuration.
AddNew_RetainExisting: Add a new SSO configuration by retaining the existing values.		Required if the SAMLAttributeMapping parameter is enabled.
Attribute MappingArray of Objects.List of SAML-to-application attribute mapping rules.Required
Attribute Mapping.samlAttributeNamestringName of the attribute received from the SAML assertion.Required
Attribute Mapping.samlAttributeValuestringExpected value of the SAML attribute.Required
Attribute Mapping.attributeTypestringType of application attribute being mapped (e.g., Role).Required
Attribute Mapping.koreAttributestringCorresponding application-specific attribute to be set.Required

Sample Response

{
    "method": "saml",
    "name": "john.doe@example.com",
    "allusers": false,
    "ssoProvider": "okta",
    "autoOnboarding": {
        "restrict": true
    },
    "modifiedDate": "2026-02-26T07:28:07.347Z",
    "modifiedBy": "u-d705dfbb-6300-55e3-bdad-ad85bb41xxxxx",
    "skip2faVerification": {
        "idp": true,
        "sp": true
    },
    "config": {
        "cert": [
            "{{certificate ID}}"
        ],
        "entryPoint": "https://example.com/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
        "issuer": "http://www.okta.com/exk103k28zn7qYYxxxxx",
        "disableRequestedAuthnContext": false
    },
    "samlAttributeMapping": {
        "fullSynchronization": "enabled",
        "status": "active",
        "attributeMapping": [
            {
                "samlAttributeName": "role",
                "samlAttributeValue": "Admin",
                "attributeType": "Role",
                "koreAttribute": "isDeveloper"
            }
        ]
    },
    "providername": "okta",
    "ACS_IDP_URL": "https://example.com/api/sso/login/callback?c=e-92d9c14543721ecc925c33986d6e012d0efc2ab1309684d5ebaacf79b2fxxxxx&redirect_url=https%3A%2F%2Fexample.com%2Fbuilder%2F%3Fquery%3D1",
    "ACS_SP_CallBack_URL": "https://example.com:443/authorize/callback",
    "message": "SSO Configuration updated successfully"
}