Interface: SSOConfigData

Defined in: packages/sdk/src/types/generated/organization.ts:504

Typed SSO configuration data stored in sso_config JSONB column.

This model defines the structure for provider-specific SSO settings that don't need database indexing.

SECURITY NOTE: SSO can NEVER grant superuser status. The maximum role that can be auto-provisioned via SSO is org_owner. Superuser accounts must be created directly in the database.

SECURITY NOTE: This model uses extra="ignore" to ensure any additional fields stored in the JSONB (such as secrets or PII) are never exposed in API responses. OIDC client credentials are stored in environment variables (SYSTEM_CONFIG), NOT in the database. If per-org OIDC credentials are needed in the future, they must be stored encrypted (like OauthCredential) or in AWS Secrets Manager.

Properties

autoProvision?

optional autoProvision: boolean

Defined in: packages/sdk/src/types/generated/organization.ts:506

providerType?

optional providerType: string | null

Defined in: packages/sdk/src/types/generated/organization.ts:505

roleMapping?

optional roleMapping: SSOConfigDataRoleMapping

Defined in: packages/sdk/src/types/generated/organization.ts:507

Properties​

autoProvision?​

providerType?​

roleMapping?​

Properties

autoProvision?

providerType?

roleMapping?