coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 50 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 50 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 44 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 44 additions & 0 deletions
diff --git a/‎codersdk/idpsync.go
Lines changed: 19 additions & 0 deletions b/‎codersdk/idpsync.go
Lines changed: 19 additions & 0 deletions
diff --git a/‎docs/reference/api/enterprise.md
Lines changed: 56 additions & 0 deletions b/‎docs/reference/api/enterprise.md
Lines changed: 56 additions & 0 deletions
diff --git a/‎docs/reference/api/schemas.md
Lines changed: 16 additions & 0 deletions b/‎docs/reference/api/schemas.md
Lines changed: 16 additions & 0 deletions
diff --git a/‎enterprise/coderd/coderd.go
Lines changed: 1 addition & 0 deletions b/‎enterprise/coderd/coderd.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎enterprise/coderd/idpsync.go
Lines changed: 69 additions & 0 deletions b/‎enterprise/coderd/idpsync.go
Lines changed: 69 additions & 0 deletions
@@ -144,6 +144,25 @@ func (c *Client) PatchOrganizationIDPSyncSettings(ctx context.Context, req Organ
 	return resp, json.NewDecoder(res.Body).Decode(&resp)
 }
 
+type PatchOrganizationIDPSyncConfigRequest struct {
+	Field         string `json:"field"`
+	AssignDefault bool   `json:"assign_default"`
+}
+
+func (c *Client) PatchOrganizationIDPSyncConfig(ctx context.Context, req PatchOrganizationIDPSyncConfigRequest) (OrganizationSyncSettings, error) {
+	res, err := c.Request(ctx, http.MethodPatch, "/api/v2/settings/idpsync/organization/config", req)
+	if err != nil {
+		return OrganizationSyncSettings{}, xerrors.Errorf("make request: %w", err)
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != http.StatusOK {
+		return OrganizationSyncSettings{}, ReadBodyAsError(res)
+	}
+	var resp OrganizationSyncSettings
+	return resp, json.NewDecoder(res.Body).Decode(&resp)
+}
+
 // If the same mapping is present in both Add and Remove, Remove will take presidence.
 type PatchOrganizationIDPSyncMappingRequest struct {
 	Add    []IDPSyncMapping[uuid.UUID]
 
@@ -295,6 +295,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 				r.Route("/organization", func(r chi.Router) {
 					r.Get("/", api.organizationIDPSyncSettings)
 					r.Patch("/", api.patchOrganizationIDPSyncSettings)
+					r.Patch("/config", api.patchOrganizationIDPSyncConfig)
 					r.Patch("/mapping", api.patchOrganizationIDPSyncMapping)
 				})
 
 
@@ -319,6 +319,75 @@ func (api *API) patchOrganizationIDPSyncSettings(rw http.ResponseWriter, r *http
 	})
 }
 
+// @Summary Update organization IdP Sync config
+// @ID update-organization-idp-sync-config
+// @Security CoderSessionToken
+// @Produce json
+// @Accept json
+// @Tags Enterprise
+// @Success 200 {object} codersdk.OrganizationSyncSettings
+// @Param request body codersdk.PatchOrganizationIDPSyncConfigRequest true "New config values"
+// @Router /settings/idpsync/organization/config [patch]
+func (api *API) patchOrganizationIDPSyncConfig(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	auditor := *api.AGPL.Auditor.Load()
+	aReq, commitAudit := audit.InitRequest[idpsync.OrganizationSyncSettings](rw, &audit.RequestParams{
+		Audit:   auditor,
+		Log:     api.Logger,
+		Request: r,
+		Action:  database.AuditActionWrite,
+	})
+	defer commitAudit()
+
+	if !api.Authorize(r, policy.ActionUpdate, rbac.ResourceIdpsyncSettings) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	var req codersdk.PatchOrganizationIDPSyncConfigRequest
+	if !httpapi.Read(ctx, rw, r, &req) {
+		return
+	}
+
+	var settings *idpsync.OrganizationSyncSettings
+	//nolint:gocritic // Requires system context to update runtime config
+	sysCtx := dbauthz.AsSystemRestricted(ctx)
+	err := database.ReadModifyUpdate(api.Database, func(tx database.Store) error {
+		existing, err := api.IDPSync.OrganizationSyncSettings(sysCtx, tx)
+		if err != nil {
+			return err
+		}
+		aReq.Old = *existing
+
+		err = api.IDPSync.UpdateOrganizationSyncSettings(sysCtx, tx, idpsync.OrganizationSyncSettings{
+			Field:         req.Field,
+			AssignDefault: req.AssignDefault,
+			Mapping:       existing.Mapping,
+		})
+		if err != nil {
+			return err
+		}
+
+		settings, err = api.IDPSync.OrganizationSyncSettings(sysCtx, tx)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	aReq.New = *settings
+	httpapi.Write(ctx, rw, http.StatusOK, codersdk.OrganizationSyncSettings{
+		Field:         settings.Field,
+		Mapping:       settings.Mapping,
+		AssignDefault: settings.AssignDefault,
+	})
+}
+
 // @Summary Update organization IdP Sync mapping
 // @ID update-organization-idp-sync-mapping
 // @Security CoderSessionToken