> Markdown version of https://authpi.com/docs/reference/idp-api/sso/ — fetch the complete AuthPI docs index at https://authpi.com/llms.txt to discover all available pages.

# SSO — AuthPI Identity Provider API

## GET /{issuer_id}/sso/discover

**Discover SSO for Email**

Check if an email address belongs to an organization with SSO enabled.

Used by the login page to determine if the user should be redirected to their organization's Identity Provider (Okta, Microsoft Entra ID, etc.) instead of showing a password form.

**Portal-authenticated only.** Requires the `Authpi-Portal` header.

### Path parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `issuer_id` | string | Required | Issuer ID |

### Query parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `email` | string | Required | User's email address |

### Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | SSO discovery result | `object` |
| 400 | **Bad Request** - The request is malformed or missing required parameters. | `OAuthError` |
| 401 | **Unauthorized** - Authentication is required or has failed. | `OAuthError` |
| 403 | **Forbidden** - The authenticated client or user lacks permission for this operation. | `OAuthError` |
| 404 | **Not Found** - The requested resource does not exist. | `OAuthError` |
| 422 | **Unprocessable Entity** - The request syntax is correct but the data cannot be processed. | `OAuthError` |
| 429 | **Too Many Requests** - Rate limit exceeded. | `OAuthError` |
| 500 | **Internal Server Error** - An unexpected error occurred. | `OAuthError` |