Skip to main content
GET
/
orgs
/
{org_id}
/
sso
/
domains
List SSO Domains
curl --request GET \
  --url https://api.useinvent.com/orgs/{org_id}/sso/domains \
  --header 'Authorization: Bearer <token>'
[
  {
    "id": "<string>",
    "domain": "<string>",
    "auto_join": true,
    "default_role": "ADMIN",
    "sync_profile": true,
    "allow_email_change": true,
    "allow_profile_change": true,
    "verification_email": "<string>",
    "verified_at": "2023-11-07T05:31:56Z",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z"
  }
]

Authorizations

Authorization
string
header
required

Bearer token authentication using your API key

Path Parameters

org_id
string
required

Org ID

Query Parameters

page
number

Page number

take
number

Number of items to take

next
string

Next page token (Only used on special endpoints)

Response

200 - application/json
id
string
required

Unique identifier for the SSO domain claim

domain
string
required

Email domain claimed by this SSO entry (e.g., acme.com)

auto_join
boolean
required

Whether users signing up with an email matching this domain are auto-joined to the org as members. Independent of SSO login — applies to all auth methods.

default_role
enum<string>
required

Role assigned to auto-joined members

Available options:
ADMIN,
DEVELOPER,
MANAGER,
STAFF
sync_profile
boolean
required

Whether to sync profile fields (name, avatar, email) from the IdP on every sign-in. When false, identity data is frozen after first write.

allow_email_change
boolean
required

Whether users on this domain can self-serve change their email address. OIDC-connected users are always blocked regardless of this flag.

allow_profile_change
boolean
required

Whether users on this domain can self-serve change their name and avatar. OIDC-connected users are always blocked regardless of this flag.

verification_email
string
required

Email address used to verify this domain claim

verified_at
string<date-time> | null
required

Timestamp when the domain claim was verified

created_at
string<date-time> | null
required

Timestamp when the SSO domain was created

updated_at
string<date-time> | null
required

Timestamp when the SSO domain was last updated