# createEnterpriseConnection()

Creates a new enterprise connection.

Returns the created [`EnterpriseConnection`](https://clerk.com/docs/reference/backend/types/backend-enterprise-connection.md) object.

```typescript
function createEnterpriseConnection(params: CreateEnterpriseConnectionParams): Promise<EnterpriseConnection>
```

## `CreateEnterpriseConnectionParams`

| Property                                              | Type                                                                                                                                                                                                                                                                                                                                                | Description                                                                                                                       |
| ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| <a id="active"></a> `active?`                         | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the enterprise connection should be active.                                                                               |
| <a id="domains"></a> `domains?`                       | `string[]`                                                                                                                                                                                                                                                                                                                               | The [Verified Domains](https://clerk.com/docs/guides/organizations/add-members/verified-domains.md) of the enterprise connection. |
| <a id="name"></a> `name?`                             | `string`                                                                                                                                                                                                                                                                                                                                            | The name of the enterprise connection.                                                                                            |
| <a id="oidc"></a> `oidc?`                             | `{ authUrl?: string; clientId?: string; clientSecret?: string; discoveryUrl?: string; requiresPkce?: boolean; tokenUrl?: string; userInfoUrl?: string; }`                                                                                                                                                                                | Configuration for if the enterprise connection uses OAuth (OIDC).                                                                 |
| `oidc.authUrl?`                                       | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) authorization URL.                                                                                               |
| `oidc.clientId?`                                      | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) client ID.                                                                                                       |
| `oidc.clientSecret?`                                  | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) client secret.                                                                                                   |
| `oidc.discoveryUrl?`                                  | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) discovery URL.                                                                                                   |
| `oidc.requiresPkce?`                                  | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the OAuth (OIDC) requires PKCE. Must be `true` for public clients with no client secret.                                  |
| `oidc.tokenUrl?`                                      | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) token URL.                                                                                                       |
| `oidc.userInfoUrl?`                                   | `string`                                                                                                                                                                                                                                                                                                                                            | The OAuth (OIDC) user info URL.                                                                                                   |
| <a id="organizationid"></a> `organizationId?`         | `string`                                                                                                                                                                                                                                                                                                                                            | The organization ID of the enterprise connection.                                                                                 |
| <a id="saml"></a> `saml?`                             | `{ allowIdpInitiated?: boolean; allowSubdomains?: boolean; attributeMapping?: { emailAddress?: string | null; firstName?: string | null; lastName?: string | null; userId?: string | null; }; forceAuthn?: boolean; idpCertificate?: string; idpEntityId?: string; idpMetadata?: string; idpMetadataUrl?: string; idpSsoUrl?: string; }` | Configuration for if the enterprise connection uses SAML.                                                                         |
| `saml.allowIdpInitiated?`                             | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the SAML connection allows Identity Provider (IdP) initiated flows.                                                       |
| `saml.allowSubdomains?`                               | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the SAML connection allows users with an email address subdomain to use it.                                               |
| `saml.attributeMapping?`                              | `{ emailAddress?: string | null; firstName?: string | null; lastName?: string | null; userId?: string | null; }`                                                                                                                                                                                                                         | The attribute mapping for the SAML connection.                                                                                    |
| `saml.attributeMapping.emailAddress?`                 | `string | null`                                                                                                                                                                                                                                                                                                                          | The attribute mapping for the email address.                                                                                      |
| `saml.attributeMapping.firstName?`                    | `string | null`                                                                                                                                                                                                                                                                                                                          | The attribute mapping for the first name.                                                                                         |
| `saml.attributeMapping.lastName?`                     | `string | null`                                                                                                                                                                                                                                                                                                                          | The attribute mapping for the last name.                                                                                          |
| `saml.attributeMapping.userId?`                       | `string | null`                                                                                                                                                                                                                                                                                                                          | The attribute mapping for the user ID.                                                                                            |
| `saml.forceAuthn?`                                    | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the SAML connection requires force authentication.                                                                        |
| `saml.idpCertificate?`                                | `string`                                                                                                                                                                                                                                                                                                                                            | The IdP certificate (PEM) for the SAML connection.                                                                                |
| `saml.idpEntityId?`                                   | `string`                                                                                                                                                                                                                                                                                                                                            | The IdP Entity ID for the SAML connection.                                                                                        |
| `saml.idpMetadata?`                                   | `string`                                                                                                                                                                                                                                                                                                                                            | The raw IdP metadata XML for the SAML connection.                                                                                 |
| `saml.idpMetadataUrl?`                                | `string`                                                                                                                                                                                                                                                                                                                                            | The IdP metadata URL for the SAML connection.                                                                                     |
| `saml.idpSsoUrl?`                                     | `string`                                                                                                                                                                                                                                                                                                                                            | The IdP Single-Sign On URL for the SAML connection.                                                                               |
| <a id="syncuserattributes"></a> `syncUserAttributes?` | `boolean`                                                                                                                                                                                                                                                                                                                                           | Whether the enterprise connection should sync user attributes between the IdP and Clerk.                                          |

## Usage

> Using `clerkClient` varies based on the SDK you're using. Refer to the [overview](https://clerk.com/docs/reference/backend/overview.md) for usage details, including guidance on [how to access the `userId` and other properties](https://clerk.com/docs/reference/backend/overview.md#example-get-the-user-id-and-other-properties).

```tsx
const response = await clerkClient.enterpriseConnections.createEnterpriseConnection({
  name: 'Google',
  organizationId: 'org_123',
  oidc: {
    authUrl: 'https://example.com/auth',
    clientId: '1234567890',
    clientSecret: '1234567890',
    discoveryUrl: 'https://example.com/discovery',
    requiresPkce: false,
    tokenUrl: 'https://example.com/token',
    userInfoUrl: 'https://example.com/userinfo',
  },
})
```

## Backend API (BAPI) endpoint

This method in the SDK is a wrapper around the BAPI endpoint `POST/enterprise_connections`. See the [BAPI reference](https://clerk.com/docs/reference/backend-api/tag/enterprise-connections/POST/enterprise_connections){{ target: '_blank' }} for more information.

---

## Sitemap

[Overview of all docs pages](https://clerk.com/docs/llms.txt)
