diff --git a/README.md b/README.md
index 564d23fdf..ec67f7a9b 100644
--- a/README.md
+++ b/README.md
@@ -679,6 +679,18 @@ const res = await descopeClient.management.tenant.generateSSOConfigurationLink(
   60 * 60 * 24,
 );
 console.log(res.adminSSOConfigurationLink);
+
+// Optionally set an actor id, recorded as the audit actor for actions taken inside the SSO
+// Suite (instead of the temporary user). It is used as-is for audit attribution and is not validated.
+const resWithActor = await descopeClient.management.tenant.generateSSOConfigurationLink(
+  'my-tenant-id',
+  60 * 60 * 24,
+  undefined, // ssoId
+  undefined, // email
+  undefined, // templateId
+  'my-admin-actor-id', // actorId
+);
+console.log(resWithActor.adminSSOConfigurationLink);
 ```
 
 ### Manage Password
diff --git a/lib/management/tenant.test.ts b/lib/management/tenant.test.ts
index 0af3b0623..dd4f6f657 100644
--- a/lib/management/tenant.test.ts
+++ b/lib/management/tenant.test.ts
@@ -583,5 +583,38 @@ describe('Management Tenant', () => {
         response: httpResponse,
       });
     });
+
+    it('should send the actorId when provided', async () => {
+      const httpResponse = {
+        ok: true,
+        json: () => ({
+          adminSSOConfigurationLink: 'some link',
+        }),
+        clone: () => ({
+          json: () => Promise.resolve({ adminSSOConfigurationLink: 'some link' }),
+        }),
+        status: 200,
+      };
+      mockHttpClient.post.mockResolvedValue(httpResponse);
+
+      await management.tenant.generateSSOConfigurationLink(
+        'test',
+        60 * 60 * 24,
+        undefined,
+        undefined,
+        undefined,
+        'admin-actor-1',
+      );
+
+      expect(mockHttpClient.post).toHaveBeenCalledWith(
+        apiPaths.tenant.generateSSOConfigurationLink,
+        {
+          tenantId: 'test',
+          expireTime: 60 * 60 * 24,
+          actorId: 'admin-actor-1',
+        },
+        {},
+      );
+    });
   });
 });
diff --git a/lib/management/tenant.ts b/lib/management/tenant.ts
index 6bfb002dd..7316f523a 100644
--- a/lib/management/tenant.ts
+++ b/lib/management/tenant.ts
@@ -123,11 +123,15 @@ const withTenant = (httpClient: HttpClient) => ({
     ssoId?: string,
     email?: string,
     templateId?: string,
+    // When provided, actorId is recorded as the audit actor for actions performed inside the
+    // SSO Setup Suite (instead of the temporary user). It is used as-is for audit attribution
+    // and is not validated.
+    actorId?: string,
   ): Promise<SdkResponse<GenerateSSOConfigurationLinkResponse>> =>
     transformResponse<GenerateSSOConfigurationLinkResponse, GenerateSSOConfigurationLinkResponse>(
       httpClient.post(
         apiPaths.tenant.generateSSOConfigurationLink,
-        { tenantId, expireTime: expireDuration, ssoId, email, templateId },
+        { tenantId, expireTime: expireDuration, ssoId, email, templateId, actorId },
         {},
       ),
       (data) => data,