Links

SCIM 2.0

The SCIM API allows to manage user accounts within the UI Bakery workspace.

Enabling the SCIM API

To enable the SCIM API on your instance, you will need to provide an authentication token via an environment variable:
UI_BAKERY_SCIM_TOKEN=YOUR_TOKEN

Making Requests to the UI Bakery SCIM API

To interact with the UI Bakery SCIM API, you need to make requests to the following URL where UI_BAKERY_INSTANCE is your domain and {workspace} is your UI Bakery workspace slug.
http(s)://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
To authenticate your requests, include the Authorization: Bearer TOKEN header with the value provided in UI_BAKERY_SCIM_TOKEN env variable.

Supported Operations with the SCIM API

The SCIM API in UI Bakery provides a range of operations to synchronize user accounts between your Identity Provider (IDP) and UI Bakery. By utilizing the SCIM API, you can manage Users and Roles within your UI Bakery workspace. The following operations are supported
  • Create new users in the workspace
  • Update user attributes
  • Remove users from the workspace
  • Create roles in the workspace
  • Rename roles
  • Delete roles
  • Assign roles to users

Reference

User methods:

get
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Users
Get list of users in workspace
get
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Users/{email}
Get user by email
post
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Users
Create user
put
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Users/{email}
Update user
patch
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Users/{email}
Patch user
delete
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
Delete user by email

Groups (UI Bakery roles) methods

get
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups
Get list of workspace roles
get
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups/{id}
Get role details by id
post
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups
Create role
put
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups/{id}
Update role
patch
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups/{id}
Patch role
delete
https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}
/Groups/{id}
Delete role by id

Example of integration with Okta

In this example, we will show you how to synchronize users and groups from Okta to UI Bakery.

Create a new application

  1. 1.
    Go to the Applications section in the Okta Admin account
  2. 2.
    Click on Browse App Catalog
  3. 3.
    Search for "SCIM 2.0 Test App (OAuth Bearer Token)"
  4. 4.
    Click Add integration
  5. 5.
    Enter a name for your integration
  6. 6.
    Choose SAML in Sign-On Options
  7. 7.
    In Credentials Details select Email for Application username format
  8. 8.
    Click Done

Connect integration with UI Bakery

  1. 1.
    Select Provisioning tab
  2. 2.
    Click Configure API Integration and enable API Integration
  3. 3.
    Specify the Base URL as https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace} where UI_BAKERY_INSTANCE is your domain name and workspace is equal to the UI Bakery workspace slug
  4. 4.
    Enter the OAuth Bearer Token with a value the same as the UI Bakery env variable UI_BAKERY_SCIM_TOKEN
  5. 5.
    Click test and then connect the integration

Configure integration

  1. 1.
    In the Provisioning tab select To App section and enable the following Create Users, Update User Attributes, Deactivate Users
  2. 2.
    In the Assignments tab assign users or groups. Note that assigned groups may not synchronize with UI Bakery roles. Refer to Okta documentation for using other Okta groups for the Groups Push feature.