SCIM 2.0
The SCIM API allows to manage user accounts within the UI Bakery workspace.
Enabling the SCIM API
To enable the SCIM API on your instance, you will need to provide an authentication token via an environment variable:
UI Bakery doesn't provide authentication tokens by default, so you need to generate a token manually.
Making Requests to the UI Bakery SCIM API
To interact with the UI Bakery SCIM API, you need to make requests to the following URL where UI_BAKERY_INSTANCE
is your domain and {workspace}
is your UI Bakery workspace slug.
To authenticate your requests, include the Authorization: Bearer TOKEN
header with the value provided in UI_BAKERY_SCIM_TOKEN
env variable.
Supported Operations with the SCIM API
The SCIM API in UI Bakery provides a range of operations to synchronize user accounts between your Identity Provider (IDP) and UI Bakery. By utilizing the SCIM API, you can manage Users and Roles within your UI Bakery workspace. The following operations are supported
Create new users in the workspace
Update user attributes
Remove users from the workspace
Create roles in the workspace
Rename roles
Delete roles
Assign roles to users
Reference
User methods:
Get list of users in workspace
GET
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users
Path Parameters
Query Parameters
Get user by email
GET
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Path Parameters
Create user
POST
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users
Creates a new user in the workspace. The new user has a default user role, If groups
aren't provided. New user should sign up to assign a password.
Accepts JSON representation of SCIM UserResource.
Path Parameters
Query Parameters
Request Body
Update user
PUT
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Updates user, supports changes for name, email, and other fields.
If groups
aren't provided then no changes applied to user roles.
Accepts JSON representation of SCIM UserResource.
Path Parameters
Request Body
Patch user
PATCH
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Updates user, supports changes for name, email, and other fields.
Accepts JSON representation of SCIM Patch Operations array.
Path Parameters
Request Body
Delete user by email
DELETE
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/test@example.com
Path Parameters
Groups (UI Bakery roles) methods
Get list of workspace roles
GET
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups
Path Parameters
Query Parameters
Get role details by id
GET
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Path Parameters
Create role
POST
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups
Creates a new role in workspace, new role has no permissions to projects and datasources.
Accepts JSON representation of SCIM GroupResource.
Path Parameters
Request Body
Update role
PUT
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Updates role in UI Bakery, accepts JSON representation of SCIM Patch Operations. With patch operation you can assign roles to user.
Accepts JSON representation of SCIM GroupResource.
Path Parameters
Request Body
Patch role
PATCH
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Updates role in UI Bakery.
Accepts JSON representation of SCIM Patch Operations array.
Path Parameters
Request Body
Delete role by id
DELETE
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Path Parameters
Example of integration with Okta
In this example, we will show you how to synchronize users and groups from Okta to UI Bakery.
Create a new application
Go to the Applications section in the Okta Admin account
Click on Browse App Catalog
Search for "SCIM 2.0 Test App (OAuth Bearer Token)"
Click Add integration
Enter a name for your integration
Choose SAML in Sign-On Options
In Credentials Details select Email for Application username format
Click Done
Connect integration with UI Bakery
Select Provisioning tab
Click Configure API Integration and enable API Integration
Specify the Base URL as
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
whereUI_BAKERY_INSTANCE
is your domain name andworkspace
is equal to the UI Bakery workspace slugEnter the OAuth Bearer Token with a value the same as the UI Bakery env variable
UI_BAKERY_SCIM_TOKEN
Click test and then connect the integration
Configure integration
In the Provisioning tab select To App section and enable the following Create Users, Update User Attributes, Deactivate Users
In the Assignments tab assign users or groups. Note that assigned groups may not synchronize with UI Bakery roles. Refer to Okta documentation for using other Okta groups for the Groups Push feature.
Last updated