> ## Documentation Index
> Fetch the complete documentation index at: https://developer.lexful.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update SSO Connection Mappings

> Partially update user provisioning mappings for an SSO connection. Only provided fields will be updated.



## OpenAPI

````yaml /api/openapi.yaml patch /v1/sso_connections/{connectionId}/mappings
openapi: 3.0.3
info:
  title: Documentation Service API
  description: API documentation for Documentation Service
  version: 1.0.0
servers:
  - url: https://api.us.lexful.app
    description: US pod
security:
  - bearerAuth: []
    accountId: []
paths:
  /v1/sso_connections/{connectionId}/mappings:
    patch:
      tags:
        - SSO Connections
      summary: Update SSO Connection Mappings
      description: >-
        Partially update user provisioning mappings for an SSO connection. Only
        provided fields will be updated.
      parameters:
        - schema:
            type: string
          in: path
          name: connectionId
          required: true
          description: SSO connection ID
      requestBody:
        $ref: >-
          #/components/requestBodies/patch_v1_sso_connections__connectionId__mappings_request
      responses:
        '200':
          $ref: '#/components/responses/UpdateSSOConnectionMappingsResponse'
        '400':
          $ref: '#/components/responses/BadRequestResponse'
        '403':
          $ref: '#/components/responses/ForbiddenResponse'
        '404':
          $ref: '#/components/responses/NotFoundResponse'
        '500':
          $ref: '#/components/responses/InternalServerErrorResponse'
components:
  requestBodies:
    patch_v1_sso_connections__connectionId__mappings_request:
      required: true
      content:
        application/json:
          schema:
            $ref: >-
              #/components/schemas/patch_v1_sso_connections__connectionId__mappings_request_application_json
  responses:
    UpdateSSOConnectionMappingsResponse:
      description: Default Response
      content:
        application/json:
          schema:
            $ref: >-
              #/components/schemas/UpdateSSOConnectionMappingsResponse_application_json
    BadRequestResponse:
      description: Bad request - validation error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    ForbiddenResponse:
      description: Forbidden - insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFoundResponse:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerErrorResponse:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    patch_v1_sso_connections__connectionId__mappings_request_application_json:
      type: object
      properties:
        default_role:
          type: string
          description: Default role assigned to users provisioned via this SSO connection
        default_organization_scopes:
          type: array
          items:
            type: string
          description: >-
            Default organization scopes for SSO users. Use ["*"] for all
            organizations.
        role_mapping:
          $ref: >-
            #/components/schemas/patch_v1_sso_connections__connectionId__mappings_request_application_json_role_mapping
        group_mapping:
          $ref: >-
            #/components/schemas/patch_v1_sso_connections__connectionId__mappings_request_application_json_group_mapping
    UpdateSSOConnectionMappingsResponse_application_json:
      type: object
      properties:
        default_role:
          type: string
          description: Default role assigned to users provisioned via this SSO connection
        default_organization_scopes:
          type: array
          items:
            type: string
          description: >-
            Default organization scopes for SSO users. Use ["*"] for all
            organizations.
        role_mapping:
          $ref: >-
            #/components/schemas/UpdateSSOConnectionMappingsResponse_application_json_role_mapping
        group_mapping:
          $ref: >-
            #/components/schemas/UpdateSSOConnectionMappingsResponse_application_json_group_mapping
    ErrorResponse:
      description: Bad request - validation error
      type: object
      properties:
        status:
          type: number
          description: HTTP status code
        message:
          type: string
          description: Error message
        error_id:
          type: string
          description: Unique error identifier
        error_code:
          type: string
          description: Error code
        developer_message:
          type: string
          description: Additional details for developers
    patch_v1_sso_connections__connectionId__mappings_request_application_json_role_mapping:
      type: object
      nullable: true
      description: Map IDP attribute values to internal roles (first match wins)
      properties:
        attribute_name:
          type: string
          description: >-
            SAML attribute name (URI) or OIDC claim name (e.g., "groups",
            "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")
        mappings:
          type: array
          items:
            $ref: >-
              #/components/schemas/patch_v1_sso_connections__connectionId__mappings_request_application_json_role_mapping_mappings_items
      required:
        - attribute_name
        - mappings
    patch_v1_sso_connections__connectionId__mappings_request_application_json_group_mapping:
      type: object
      nullable: true
      description: Map IDP attribute values to internal groups (all matches)
      properties:
        attribute_name:
          type: string
          description: >-
            SAML attribute name (URI) or OIDC claim name (e.g., "groups",
            "department")
        mappings:
          type: array
          items:
            $ref: >-
              #/components/schemas/patch_v1_sso_connections__connectionId__mappings_request_application_json_group_mapping_mappings_items
      required:
        - attribute_name
        - mappings
    UpdateSSOConnectionMappingsResponse_application_json_role_mapping:
      type: object
      nullable: true
      description: Map IDP attribute values to internal roles (first match wins)
      properties:
        attribute_name:
          type: string
          description: >-
            SAML attribute name (URI) or OIDC claim name (e.g., "groups",
            "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")
        mappings:
          type: array
          items:
            $ref: >-
              #/components/schemas/UpdateSSOConnectionMappingsResponse_application_json_role_mapping_mappings_items
      required:
        - attribute_name
        - mappings
    UpdateSSOConnectionMappingsResponse_application_json_group_mapping:
      type: object
      nullable: true
      description: Map IDP attribute values to internal groups (all matches)
      properties:
        attribute_name:
          type: string
          description: >-
            SAML attribute name (URI) or OIDC claim name (e.g., "groups",
            "department")
        mappings:
          type: array
          items:
            $ref: >-
              #/components/schemas/UpdateSSOConnectionMappingsResponse_application_json_group_mapping_mappings_items
      required:
        - attribute_name
        - mappings
    patch_v1_sso_connections__connectionId__mappings_request_application_json_role_mapping_mappings_items:
      type: object
      properties:
        idp_value:
          type: string
          description: Value from IDP attribute (e.g., "Admins", "Engineering")
        role:
          type: string
          enum:
            - admin
            - support
            - viewer
          description: Internal role to assign
      required:
        - idp_value
        - role
    patch_v1_sso_connections__connectionId__mappings_request_application_json_group_mapping_mappings_items:
      type: object
      properties:
        idp_value:
          type: string
          description: Value from IDP attribute (e.g., "Engineering", "Sales-EMEA")
        group_id:
          type: string
          format: uuid
          description: Internal group ID
      required:
        - idp_value
        - group_id
    UpdateSSOConnectionMappingsResponse_application_json_role_mapping_mappings_items:
      type: object
      properties:
        idp_value:
          type: string
          description: Value from IDP attribute (e.g., "Admins", "Engineering")
        role:
          type: string
          enum:
            - admin
            - support
            - viewer
          description: Internal role to assign
      required:
        - idp_value
        - role
    UpdateSSOConnectionMappingsResponse_application_json_group_mapping_mappings_items:
      type: object
      properties:
        idp_value:
          type: string
          description: Value from IDP attribute (e.g., "Engineering", "Sales-EMEA")
        group_id:
          type: string
          format: uuid
          description: Internal group ID
      required:
        - idp_value
        - group_id
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Bearer token
    accountId:
      type: apiKey
      in: header
      name: X-Account-ID
      description: Account ID

````