Skip to contentSkip to navigationSkip to topbar
On this page

Edit an SSO Teammate



API Overview

api-overview page anchor

The Single Sign-On APIs allow you to manage your SAML 2.0 SSO configurations. You can also work with your SSO integrations using the SSO section of the Twilio SendGrid App(link takes you to an external page).

The Single Sign-On Teammates API allows you to add and modify SSO Teammates. SSO Teammates are the individual user accounts who will access your Twilio SendGrid account with SSO credentials.

To retrieve or delete an SSO Teammate, you will use the Teammates API.

For more information about managing SSO Teammates, see the Twilio SendGrid SSO documentation.


PATCH/v3/sso/teammates/{username}

Base url: https://api.sendgrid.com (for global users and subusers)

Base url: https://api.eu.sendgrid.com (for EU regional subusers)

This endpoint allows you to modify an existing SSO Teammate.

Only the parent user and Teammates with admin permissions can update another Teammate's permissions.

Scopes

scopes page anchor

When updating a Teammate, you will assign it permissions or scopes. These scopes determine which actions the Teammate can perform and which features they can access. Scopes are provided with one of three properties passed to this endpoint: is_admin, scopes, and persona.

You can make a Teammate an administrator by setting is_admin to true. Administrators will have all scopes assigned to them. Alternatively, you can assign a persona to the teammate, which will assign them a block of permissions commonly required for that type of user. See the "Persona scopes" section of Teammate Permissions for a list of permsissions granted by persona. Lastly, you can assign individual permissions with the scopes property. See Teammate Permissions for a full list of scopes that can be assigned to a Teammate.

SendGrid Teammates may be assigned access to one or more Subusers. Subusers function like SendGrid sub-accounts with their own resources. See Subusers for more information.

When assigning Subuser access to a Teammate, you may set the has_restricted_subuser_access property to true to constrain the Teammate so that they can operate only on behalf of the Subusers to which they are assigned. You may further set the level of access the Teammate has to each Subuser with the subuser_access property.


Property nameTypeRequiredDescription
Authorizationstringrequired
Default: Bearer <<YOUR_API_KEY_HERE>>
Property nameTypeRequiredDescription
usernamestring<email>required

Set this parameter to the Teammate's email address. This address must be the same address assigned to the Teammate in your IdP.

Encoding type:application/json
SchemaExample
Property nameTypeRequiredDescriptionChild properties
first_namestringrequired

Set this property to the Teammate's first name.


last_namestringrequired

Set this property to the Teammate's last name.


is_adminboolean

Optional

Set this property to true if the Teammate has admin permissions. You should not include the scopes or persona properties when setting the is_admin property to true—an admin will be allocated all scopes. See Teammate Permissions for a complete list of scopes.


personaenum<string>

Optional

A persona represents a group of permissions often required by a type of Teammate such as a developer or marketer. Assigning a persona allows you to allocate a group of pre-defined permissions rather than assigning each scope individually. See Teammate Permissions for a full list of the scopes assigned to each persona.

Possible values:
accountantdevelopermarketerobserver

scopesarray[string]

Optional

Add or remove permissions from a Teammate using this scopes property. See Teammate Permissions for a complete list of available scopes. You should not include this propety in the request when using the persona property or when setting the is_admin property to true—assigning a persona or setting is_admin to true will allocate a group of permissions to the Teammate.


has_restricted_subuser_accessboolean

Optional

Set this property to true to give the Teammate permissions to operate only on behalf of a Subuser. This property value must be true if the subuser_access property is not empty. The subuser_access property determines which Subusers the Teammate may act on behalf of. If this property is set to true, you cannot specify individual scopes, assign a persona, or set is_admin to true—a Teammate cannot specify scopes for the parent account and have restricted Subuser access.


subuser_accessarray[object]

Optional

Specify which Subusers the Teammate may access and act on behalf of with this property. If this property is populated, you must set the has_restricted_subuser_access property to true.

200400401403429500

Successful SSO Teammates PATCH response.

SchemaExample
Property nameTypeRequiredDescriptionChild properties
addressstring

The Teammate's street address.


address2string

The Teammate's apartment number, suite number, or other secondary address information that is not part of the physical street address.


citystring

The Teammate's city.


companystring

The Teammate's company name.


countrystring

The Teammate's country of residence.


usernamestring

The Teammate's username. This property is set to the Teammate's email address.


phonestring

The Teammate's phone number.


statestring

The Teammate's state or province.


user_typeenum<string>

A Teammate can be an admin, owner, or teammate. Each role is associated with the scope of the Teammate's permissions.

Possible values:
adminownerteammate

websitestring

A website associated with the Teammate.


zipstring

The Teammate's zip code.


first_namestring

The Teammate's first name.


last_namestring

The Teammate's last name.


emailstring<email>

Teammate's email address. This email address also functions as the Teammate's username and must match the address assigned to the user in your IdP. This address cannot be changed after the Teammate is created.


is_adminboolean

Indicates if the Teammate has administrator permissions. When set to true, the Teammate is an admin.


is_ssoboolean

Indicates how the Teammate authenticates with SendGrid. When set to true, the Teammate will access SendGrid via SSO and their IdP. When set to false, the Teammate will authenticate directly with SendGrid via a username and password.


scopesarray[string]

The permissions or scopes currently assigned to the Teammate. See Teammate Permissions for a complete list of available scopes.


has_restricted_subuser_accessboolean

When this property is set to true, the Teammate has permissions to operate only on behalf of a Subuser. This property value is true when the subuser_access property is not empty. The subuser_access property determines which Subusers the Teammate may act on behalf of.


subuser_accessarray[object]

Specifies which Subusers the Teammate may access and act on behalf of. If this property is populated, the has_restricted_subuser_access property will be true.

Edit an SSO TeammateLink to code sample: Edit an SSO Teammate
1
const client = require("@sendgrid/client");
2
client.setApiKey(process.env.SENDGRID_API_KEY);
3
4
const username = "brian12@example.net";
5
const data = {
6
first_name: "Jane",
7
last_name: "Doe",
8
is_admin: true,
9
has_restricted_subuser_access: false,
10
};
11
12
const request = {
13
url: `/v3/sso/teammates/${username}`,
14
method: "PATCH",
15
body: data,
16
};
17
18
client
19
.request(request)
20
.then(([response, body]) => {
21
console.log(response.statusCode);
22
console.log(response.body);
23
})
24
.catch((error) => {
25
console.error(error);
26
});

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.