Create SSO group mapping

curl --request POST \
  --url https://api.select.dev/api/{organization_id}/sso-group-mappings \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "sso_group_name": "<string>",
  "roles": [
    {
      "role": "admin",
      "scope": {
        "type": "organization",
        "id": "<string>"
      }
    }
  ]
}
'

{
  "sso_group_name": "<string>",
  "roles": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "role": "admin",
      "scope": {
        "type": "organization",
        "id": "<string>",
        "name": "<string>"
      },
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z"
    }
  ]
}

POST

api

{organization_id}

sso-group-mappings

Create SSO group mapping

curl --request POST \
  --url https://api.select.dev/api/{organization_id}/sso-group-mappings \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "sso_group_name": "<string>",
  "roles": [
    {
      "role": "admin",
      "scope": {
        "type": "organization",
        "id": "<string>"
      }
    }
  ]
}
'

{
  "sso_group_name": "<string>",
  "roles": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "role": "admin",
      "scope": {
        "type": "organization",
        "id": "<string>",
        "name": "<string>"
      },
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z"
    }
  ]
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

organization_id

string

required

Body

application/json

The SSO group configuration with initial roles

sso_group_name

string

required

The SSO group name from the identity provider

Minimum string length: 1

roles

PublicRoleCreate · object[]

required

Initial roles to assign to this SSO group

Minimum array length: 1

Show child attributes

roles.role

enum<string>

required

The role level to grant (admin, editor, monitor_editor, or viewer)

Available options:

admin,

editor,

monitor_editor,

viewer

roles.scope

RoleScopeRequest · object

The scope for this role. If not provided, creates an organization-wide role

Show child attributes

roles.scope.type

enum<string>

required

The type of scope for this role

Available options:

organization,

snowflake_organization,

snowflake_account,

usage_group

roles.scope.id

string | null

ID of the scoped entity (required for non-organization scopes)

Response

Successful Response

SSO group information with all its access roles.

sso_group_name

string

required

The SSO group name

roles

PublicSSOGroupAccessRole · object[]

required

All access roles for this SSO group

Show child attributes

roles.id

string<uuid>

required

The unique identifier of this role assignment

roles.role

enum<string>

required

The role level (admin, editor, monitor_editor, or viewer)

Available options:

admin,

editor,

monitor_editor,

viewer

roles.scope

RoleScope · object

required

The scope this role applies to

Show child attributes

roles.scope.type

enum<string>

required

The type of scope for this role

Available options:

organization,

snowflake_organization,

snowflake_account,

usage_group

roles.scope.id

string | null

ID of the scoped entity (organization ID, Snowflake org name, account UUID, or usage group ID)

roles.scope.name

string | null

Display name of the scoped entity (populated in responses)

roles.created_at

string<date-time>

required

When the role was created

roles.updated_at

string<date-time>

required

When the role was last updated

List SSO group mappings Update SSO group mapping

⌘I

Quickstart

API Reference

Create SSO group mapping

Authorizations

Path Parameters

Body

Response