> ## Documentation Index > Fetch the complete documentation index at: https://lightdash-mintlify-cccf65ca.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Get generic OIDC SSO configuration > Returns the current organization's generic OIDC SSO configuration (sensitive fields are not included). ## OpenAPI ````yaml https://raw.githubusercontent.com/lightdash/lightdash/refs/heads/main/packages/backend/src/generated/swagger.json get /api/v1/org/sso/oidc openapi: 3.0.0 info: title: Lightdash API version: 0.3233.0 description: > Open API documentation for all public Lightdash API endpoints. # Authentication Before you get started, you might need to create a Personal Access Token to authenticate via the API. You can create a token by following this guide: https://docs.lightdash.com/references/personal_tokens license: name: MIT contact: name: Lightdash Support email: support@lightdash.com url: https://docs.lightdash.com/help-and-contact/contact/contact_info/ servers: - url: / security: [] tags: - name: My Account description: These routes allow users to manage their own user account. - name: Organizations description: >- Each user is a member of a single organization. These routes allow users to manage their organization. Most actions are only available to admin users. - name: Projects description: >- Projects belong to a single organization. These routes allow users to manage their projects, browse content, and execute queries. Users inside an organization might have access to a project from an organization-level role or they might be granted access to a project directly. - name: Spaces description: >- Spaces allow you to organize charts and dashboards within a project. They also allow granular access to content by allowing you to create private spaces, which are only accessible to the creator and admins. - name: Roles & Permissions description: >- These routes allow users to manage roles and permissions for their organization. externalDocs: url: https://docs.lightdash.com/references/roles - name: Query description: >- These routes allow users to execute and manage queries against their data warehouse. This includes metric queries, SQL queries, and retrieving query results. paths: /api/v1/org/sso/oidc: get: tags: - Organizations summary: Get generic OIDC SSO configuration description: |- Returns the current organization's generic OIDC SSO configuration (sensitive fields are not included). operationId: GetGenericOidcSsoConfig parameters: [] responses: '200': description: Ok content: application/json: schema: $ref: '#/components/schemas/ApiGenericOidcSsoConfigResponse' default: description: Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorPayload' security: [] components: schemas: ApiGenericOidcSsoConfigResponse: properties: results: allOf: - $ref: '#/components/schemas/GenericOidcSsoConfigSummary' nullable: true status: type: string enum: - ok nullable: false required: - results - status type: object ApiErrorPayload: properties: error: properties: data: $ref: '#/components/schemas/AnyType' description: Optional data containing details of the error message: type: string description: A friendly message summarising the error name: type: string description: Unique name for the type of error statusCode: type: number format: integer description: HTTP status code required: - name - statusCode type: object status: type: string enum: - error nullable: false required: - error - status type: object description: |- The Error object is returned from the api any time there is an error. The message contains GenericOidcSsoConfigSummary: allOf: - $ref: >- #/components/schemas/Pick_GenericOidcSsoConfig.clientId-or-metadataDocumentEndpoint-or-scopes_ - $ref: '#/components/schemas/OrganizationSsoMethodFlags' - properties: hasClientSecret: type: boolean required: - hasClientSecret type: object AnyType: description: |- This AnyType is an alias for any The goal is to make it easier to identify any type in the codebase without having to eslint-disable all the time These are only used on legacy `any` types, don't use it for new types. This is added on a separate file to avoid circular dependencies. Pick_GenericOidcSsoConfig.clientId-or-metadataDocumentEndpoint-or-scopes_: properties: clientId: type: string metadataDocumentEndpoint: type: string description: OIDC discovery document URL (`.well-known/openid-configuration`). scopes: type: string nullable: true description: >- Optional extra scopes (space-separated) appended to the auth request. required: - clientId - metadataDocumentEndpoint - scopes type: object description: From T, pick a set of properties whose keys are in the union K OrganizationSsoMethodFlags: properties: allowPassword: type: boolean description: >- Controls whether email+password sign-in is shown alongside this method when it matches a user. When multiple matching SSO methods disagree, lenient rule applies (ANY method that allows → show password). emailDomains: items: type: string type: array description: >- Strict whitelist (only consulted when `overrideEmailDomains` is true). overrideEmailDomains: type: boolean description: |- When true, the method's own `emailDomains` list governs discovery. When false, the org's `allowed_email_domains` is used instead. enabled: type: boolean description: >- When false the method is hidden from precheck even if discovery would match. required: - allowPassword - emailDomains - overrideEmailDomains - enabled type: object description: >- Per-row flags shared by every SSO method configured at the org level. Stored as plain columns alongside the encrypted provider-specific config. ````