Creating SAML Enterprise Connection from Customer Provided Metadata Files
This article explains how to create SAML Enterprise Connections using client-provided metadata XML files.
- SAML Enterprise Connection
Currently, this is only possible through the Management API; it cannot be done from the Dashboard GUI.
There are two methods, depending on how the metadata is shared.
- The simplest case is when the file is hosted at a publicly accessible URL. Pass that URL in the metadataUrl option of the new-connection request:
curl --request POST \
--url 'https://<domain>/api/v2/connections' \
--header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{ "strategy": "samlp", "name": "CONNECTION_NAME", "options": { "metadataUrl": "<metadata URL>" } }'
- Alternatively, pass the metadata XML directly in the metadataXml option:
curl --request POST \
--url 'https://<domain>/api/v2/connections' \
--header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{ "strategy": "samlp", "name": "CONNECTION_NAME", "options": { "metadataXml": "<EntityDescriptor entityID='\''urn:saml-idp'\'' xmlns='\''urn:oasis:names:tc:SAML:2.0:metadata'\''>...</EntityDescriptor>" } }'
To call the Management API for the tenant, first obtain a Management API token with the create:connections scope. Once a valid token is available, use it in the samples above in place of MGMT_API_ACCESS_TOKEN.
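Before a customer-supplied file is embedded in the metadataXml option it is worth confirming that it really is IdP metadata and contains what the connection will need. The script below is an added example, not Auth0's code: it parses the metadata, applies a few sanity checks (which are this example's assumptions, not Auth0 requirements), and builds the JSON body for the request above; the sample metadata, entity ID and SSO URL are constructed values.

```python
import json
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample of the kind of IdP metadata a customer might hand over;
# the certificate value is a placeholder, not a real key.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" xmlns:ds="{DS_NS}" entityID="urn:saml-idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIB...placeholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text: str) -> dict:
    """Return the facts worth reviewing before the file becomes a connection;
    raise ValueError when it is not usable IdP metadata (checks are assumptions)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"root element is {root.tag}, expected EntityDescriptor")
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        # Common mix-up: the customer exported their SP metadata rather than the IdP's.
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    certs = [
        cert.text.strip()
        for kd in idp.findall(f"{{{MD_NS}}}KeyDescriptor")
        if kd.get("use", "signing") != "encryption"
        for cert in kd.iter(f"{{{DS_NS}}}X509Certificate")
        if cert.text
    ]
    if not certs:
        raise ValueError("no signing certificate: assertion signatures could not be verified")
    sso = [s.get("Location") for s in idp.findall(f"{{{MD_NS}}}SingleSignOnService")]
    if not sso or not all(u and u.startswith("https://") for u in sso):
        raise ValueError("SingleSignOnService Location missing or not https")
    return {"entityID": root.get("entityID"), "signing_certs": len(certs), "sso_urls": sso}


def build_connection_payload(name: str, xml_text: str) -> str:
    """JSON body for POST /api/v2/connections with the metadata passed inline;
    json.dumps handles the quoting that the hand-written curl example has to escape."""
    check_idp_metadata(xml_text)
    return json.dumps({"strategy": "samlp", "name": name, "options": {"metadataXml": xml_text}})
```

The returned string can be written to a file and sent with `curl --data @payload.json` together with the authorization header shown above.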
See the link below for steps on retrieving a Management API token and on the create-connection endpoint: