Skip to main content
POST
/
orgs
/
{org_id}
/
sso
/
domains
Create SSO Domain
curl --request POST \
  --url https://api.useinvent.com/orgs/{org_id}/sso/domains \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "jsmith@example.com",
  "code": 549999
}
'
{
  "id": "<string>",
  "domain": "<string>",
  "auto_join": true,
  "default_role": "ADMIN",
  "sync_profile": true,
  "allow_email_change": true,
  "allow_profile_change": true,
  "verification_email": "<string>",
  "verified_at": "2023-11-07T05:31:56Z",
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Bearer token authentication using your API key

Path Parameters

org_id
string
required

Org ID

Body

Confirm the verification code and create the SSO domain

email
string<email>
required

The email address the code was sent to

Maximum string length: 255
code
integer
required

6-digit code received via email

Required range: 100000 <= x <= 999999

Response

200 - application/json

A verified email domain claimed by an org

id
string
required

Unique identifier for the SSO domain claim

domain
string
required

Email domain claimed by this SSO entry (e.g., acme.com)

auto_join
boolean
required

Whether users signing up with an email matching this domain are auto-joined to the org as members. Independent of SSO login — applies to all auth methods.

default_role
enum<string>
required

Role assigned to auto-joined members

Available options:
ADMIN,
DEVELOPER,
MANAGER,
STAFF
sync_profile
boolean
required

Whether to sync profile fields (name, avatar, email) from the IdP on every sign-in. When false, identity data is frozen after first write.

allow_email_change
boolean
required

Whether users on this domain can self-serve change their email address. OIDC-connected users are always blocked regardless of this flag.

allow_profile_change
boolean
required

Whether users on this domain can self-serve change their name and avatar. OIDC-connected users are always blocked regardless of this flag.

verification_email
string
required

Email address used to verify this domain claim

verified_at
string<date-time> | null
required

Timestamp when the domain claim was verified

created_at
string<date-time> | null
required

Timestamp when the SSO domain was created

updated_at
string<date-time> | null
required

Timestamp when the SSO domain was last updated