Enabling the SCIM API
To enable the SCIM API on your instance, you will need to provide an authentication token via an environment variable:
Copy UI_BAKERY_SCIM_TOKEN = YOUR_TOKEN Making Requests to the UI Bakery SCIM API
To interact with the UI Bakery SCIM API, you need to make requests to the following URL where UI_BAKERY_INSTANCE is your domain and {workspace} is your UI Bakery workspace slug.
Copy http(s)://UI_BAKERY_INSTANCE/api/scim/v2/{workspace} To authenticate your requests, include the Authorization: Bearer TOKEN header with the value provided in UI_BAKERY_SCIM_TOKEN env variable.
Supported Operations with the SCIM API
The SCIM API in UI Bakery provides a range of operations to synchronize user accounts between your Identity Provider (IDP) and UI Bakery. By utilizing the SCIM API, you can manage Users and Roles within your UI Bakery workspace. The following operations are supported
Create new users in the workspace
Remove users from the workspace
Create roles in the workspace
Reference
User methods:
Get list of users in workspace
GET https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users
Path Parameters
Query Parameters
200: OK
Copy {
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 0,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "user@example.com",
"meta": {
"resourceType": "User",
"created": "2023-04-12T00:00:00+03:00",
"lastModified": "2023-04-12T00:00:00+03:00",
"location": "/scim/v2/workspace/Users/user@example.com"
},
"userName": "user@example.com",
"name": {
"formatted": "User Name",
"familyName": "",
"givenName": "",
"middleName": ""
},
"displayName": "User Name",
"active": true,
"emails": [
{
"value": "user@example.com"
}
],
"groups": [
{
"value": "ardFdxe8tG",
"display": "admin",
"type": "workspace"
}
]
}
]
} Get user by email
GET https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Path Parameters
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "test@example.com",
"externalId": null,
"meta": {
"resourceType": "User",
"created": "2023-04-11T21:00:00.000+00:00",
"lastModified": "2023-04-11T21:00:00.000+00:00",
"location": null,
"version": null
},
"userName": "test@example.com",
"name": {
"formatted": "User Name",
"familyName": "",
"givenName": "",
"middleName": "",
"honorificPrefix": null,
"honorificSuffix": null
},
"displayName": "User Name",
"emails": [
{
"value": "test@example.com",
"display": null,
"type": null,
"primary": null
}
],
"groups": [
{
"value": "ardFdxe8tG",
"display": "admin",
"type": "workspace",
"$ref": null
}
],
...
} Create user
POST https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users
Creates a new user in the workspace. The new user has a default user role, If groups aren't provided. New user should sign up to assign a password.
Accepts JSON representation of SCIM UserResource.
Path Parameters
Query Parameters
Request Body
201: Created
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "user@example.com",
"externalId": null,
"meta": {
"resourceType": "User",
"created": "2023-04-11T21:00:00.000+00:00",
"lastModified": "2023-04-11T21:00:00.000+00:00",
"location": null,
"version": null
},
"userName": "user@example.com",
"name": {
"formatted": "John Doe",
"familyName": "",
"givenName": "",
"middleName": "",
"honorificPrefix": null,
"honorificSuffix": null
},
"displayName": "John Doe",
"emails": [
{
"value": "user@example.com",
"display": null,
"type": null,
"primary": null
}
],
"groups": [
{
"value": "ardFdxe8tG",
"display": "user",
"type": "endUser",
"$ref": null
}
],
...
} Update user
PUT https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Updates user, supports changes for name, email, and other fields.
If groups aren't provided then no changes applied to user roles.
Accepts JSON representation of SCIM UserResource.
Path Parameters
Request Body
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "user@example.com",
"externalId": null,
"meta": {
"resourceType": "User",
"created": "2023-04-11T21:00:00.000+00:00",
"lastModified": "2023-04-11T21:00:00.000+00:00",
"location": null,
"version": null
},
"userName": "user@example.com",
"name": {
"formatted": "John Doe 2",
"familyName": "",
"givenName": "",
"middleName": "",
"honorificPrefix": null,
"honorificSuffix": null
},
"displayName": "John Doe 2",
"emails": [
{
"value": "user@example.com",
"display": null,
"type": null,
"primary": null
}
],
"groups": [
{
"value": "ardFdxe8tG",
"display": "user",
"type": "endUser",
"$ref": null
}
],
...
} Patch user
PATCH https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/{email}
Updates user, supports changes for name, email, and other fields.
Accepts JSON representation of SCIM Patch Operations array.
Path Parameters
Request Body
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "user@example.com",
"externalId": null,
"meta": {
"resourceType": "User",
"created": "2023-04-11T21:00:00.000+00:00",
"lastModified": "2023-04-11T21:00:00.000+00:00",
"location": null,
"version": null
},
"userName": "user@example.com",
"name": {
"formatted": "John Doe 3",
"familyName": "",
"givenName": "",
"middleName": "",
"honorificPrefix": null,
"honorificSuffix": null
},
"displayName": "John Doe 3",
"emails": [
{
"value": "user@example.com",
"display": null,
"type": null,
"primary": null
}
],
"groups": [
{
"value": "ardFdxe8tG",
"display": "user",
"type": "endUser",
"$ref": null
}
],
...
} Delete user by email
DELETE https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Users/test@example.com
Path Parameters
Groups (UI Bakery roles) methods
Get list of workspace roles
GET https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups
Path Parameters
Query Parameters
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "bdeM5DxR8tG",
"meta": {
"created": "2023-06-15T12:49:42+03:00",
"resourceType": "Group",
"location": "/scim/v2/workspace/Groups/ddMfWdR8tG"
},
"displayName": "admin",
"members": [
{
"value": "user@example.com",
"display": "John Doe"
}
],
"roleType": "workspace"
},
...
]
} Get role details by id
GET https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Path Parameters
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "bdeM5DxR8tG",
"externalId": null,
"meta": {
"resourceType": null,
"created": "2023-06-15T09:49:42.000+00:00",
},
"displayName": "admin",
"members": [
{
"value": "user@example.com",
"display": "John Doe",
}
],
"roleType": "workspace"
} Create role
POST https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups
Creates a new role in workspace, new role has no permissions to projects and datasources.
Accepts JSON representation of SCIM GroupResource.
Path Parameters
Request Body
201: Created
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "bdeM5DxR8tG",
"externalId": null,
"meta": {
"resourceType": null,
"created": "2023-06-15T09:49:42.000+00:00",
},
"displayName": "New Role",
"members": [],
"roleType": "workspace"
} Update role
PUT https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Updates role in UI Bakery, accepts JSON representation of SCIM Patch Operations. With patch operation you can assign roles to user.
Accepts JSON representation of SCIM GroupResource.
Path Parameters
Request Body
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "bdeM5DxR8tG",
"externalId": null,
"meta": {
"resourceType": null,
"created": "2023-06-15T09:49:42.000+00:00",
},
"displayName": "New Role 3",
"members": [
{
"value": "user2@example.com",
"display": "John Doe 2",
}
],
"roleType": "workspace"
} Patch role
PATCH https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Updates role in UI Bakery.
Accepts JSON representation of SCIM Patch Operations array.
Path Parameters
Request Body
200: OK
Copy {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "bdeM5DxR8tG",
"externalId": null,
"meta": {
"resourceType": null,
"created": "2023-06-15T09:49:42.000+00:00",
},
"displayName": "New Role 3",
"members": [],
"roleType": "workspace"
} Delete role by id
DELETE https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace}/Groups/{id}
Path Parameters
Example of integration with Okta
In this example, we will show you how to synchronize users and groups from Okta to UI Bakery.
Create a new application
Go to the Applications section in the Okta Admin account
Click on Browse App Catalog
Search for "SCIM 2.0 Test App (OAuth Bearer Token)"
Enter a name for your integration
Choose SAML in Sign-On Options
In Credentials Details select Email for Application username format
Connect integration with UI Bakery
Click Configure API Integration and enable API Integration
Specify the Base URL as https://UI_BAKERY_INSTANCE/api/scim/v2/{workspace} where UI_BAKERY_INSTANCE is your domain name and workspace is equal to the UI Bakery workspace slug
Enter the OAuth Bearer Token with a value the same as the UI Bakery env variable UI_BAKERY_SCIM_TOKEN
Click test and then connect the integration
Configure integration
In the Provisioning tab select To App section and enable the following Create Users, Update User Attributes, Deactivate Users
In the Assignments tab assign users or groups. Note that assigned groups may not synchronize with UI Bakery roles. Refer to Okta documentation for using other Okta groups for the Groups Push feature.
