You can use the POST /environments/{environmentId}/signOnPolicies endpoint to create the new sign-on policy.

In the request, the name property is required and must be unique within the environment. The description property is optional, but recommended. The default property is optional, and should be set only if you want this sign-on policy to be the default policy for all applications in the environment. If this property is not set in the request, its value is set automatically to false.

The response includes an actions HAL link to the sign-on policy actions endpoint, which is used to assign an action to the new sign-on policy. The policy must have at least one associated action before it can be assigned to an application.