@workos/mcp-docs-server 0.1.0
- package/.docs/organized/changelogs/workos-platform.json +277 -0
- package/.docs/organized/docs/admin-portal/_navigation.mdx +16 -0
- package/.docs/organized/docs/admin-portal/custom-branding.mdx +111 -0
- package/.docs/organized/docs/admin-portal/example-apps.mdx +46 -0
- package/.docs/organized/docs/admin-portal/index.mdx +240 -0
- package/.docs/organized/docs/audit-logs/_navigation.mdx +22 -0
- package/.docs/organized/docs/audit-logs/admin-portal.mdx +20 -0
- package/.docs/organized/docs/audit-logs/editing-events.mdx +27 -0
- package/.docs/organized/docs/audit-logs/exporting-events.mdx +29 -0
- package/.docs/organized/docs/audit-logs/index.mdx +110 -0
- package/.docs/organized/docs/audit-logs/log-streams.mdx +56 -0
- package/.docs/organized/docs/audit-logs/metadata-schema.mdx +21 -0
- package/.docs/organized/docs/custom-domains/_navigation.mdx +16 -0
- package/.docs/organized/docs/custom-domains/admin-portal.mdx +38 -0
- package/.docs/organized/docs/custom-domains/auth-api.mdx +59 -0
- package/.docs/organized/docs/custom-domains/authkit.mdx +36 -0
- package/.docs/organized/docs/custom-domains/email.mdx +41 -0
- package/.docs/organized/docs/custom-domains/index.mdx +19 -0
- package/.docs/organized/docs/dashboard.mdx +244 -0
- package/.docs/organized/docs/demo/_navigation.mdx +26 -0
- package/.docs/organized/docs/demo/accordion.mdx +34 -0
- package/.docs/organized/docs/demo/checklist.mdx +33 -0
- package/.docs/organized/docs/demo/code-block.mdx +185 -0
- package/.docs/organized/docs/demo/definition-list.mdx +35 -0
- package/.docs/organized/docs/demo/index.mdx +7 -0
- package/.docs/organized/docs/demo/punctuation.mdx +37 -0
- package/.docs/organized/docs/demo/replacements.mdx +26 -0
- package/.docs/organized/docs/demo/table.mdx +26 -0
- package/.docs/organized/docs/demo/tabs.mdx +17 -0
- package/.docs/organized/docs/directory-sync/_navigation.mdx +28 -0
- package/.docs/organized/docs/directory-sync/attributes.mdx +209 -0
- package/.docs/organized/docs/directory-sync/example-apps.mdx +46 -0
- package/.docs/organized/docs/directory-sync/handle-inactive-users.mdx +52 -0
- package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +134 -0
- package/.docs/organized/docs/directory-sync/index.mdx +107 -0
- package/.docs/organized/docs/directory-sync/quick-start.mdx +129 -0
- package/.docs/organized/docs/directory-sync/understanding-events.mdx +209 -0
- package/.docs/organized/docs/domain-verification/_navigation.mdx +10 -0
- package/.docs/organized/docs/domain-verification/api.mdx +60 -0
- package/.docs/organized/docs/domain-verification/index.mdx +67 -0
- package/.docs/organized/docs/email.mdx +109 -0
- package/.docs/organized/docs/events/_navigation.mdx +22 -0
- package/.docs/organized/docs/events/data-syncing/data-reconciliation.mdx +56 -0
- package/.docs/organized/docs/events/data-syncing/events-api.mdx +114 -0
- package/.docs/organized/docs/events/data-syncing/index.mdx +66 -0
- package/.docs/organized/docs/events/data-syncing/webhooks.mdx +173 -0
- package/.docs/organized/docs/events/index.mdx +783 -0
- package/.docs/organized/docs/events/observability/datadog.mdx +76 -0
- package/.docs/organized/docs/fga/_navigation.mdx +64 -0
- package/.docs/organized/docs/fga/identity-provider-sessions.mdx +68 -0
- package/.docs/organized/docs/fga/index.mdx +60 -0
- package/.docs/organized/docs/fga/local-development.mdx +155 -0
- package/.docs/organized/docs/fga/modeling/abac.mdx +107 -0
- package/.docs/organized/docs/fga/modeling/blocklist.mdx +84 -0
- package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +99 -0
- package/.docs/organized/docs/fga/modeling/custom-roles.mdx +90 -0
- package/.docs/organized/docs/fga/modeling/entitlements.mdx +127 -0
- package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +131 -0
- package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +95 -0
- package/.docs/organized/docs/fga/modeling/policy-context.mdx +231 -0
- package/.docs/organized/docs/fga/modeling/public-access.mdx +61 -0
- package/.docs/organized/docs/fga/modeling/shareable-content.mdx +106 -0
- package/.docs/organized/docs/fga/modeling/superusers.mdx +74 -0
- package/.docs/organized/docs/fga/modeling/user-groups.mdx +92 -0
- package/.docs/organized/docs/fga/operations-usage.mdx +104 -0
- package/.docs/organized/docs/fga/playground.mdx +12 -0
- package/.docs/organized/docs/fga/policies.mdx +462 -0
- package/.docs/organized/docs/fga/query-language.mdx +112 -0
- package/.docs/organized/docs/fga/quick-start.mdx +174 -0
- package/.docs/organized/docs/fga/resources.mdx +92 -0
- package/.docs/organized/docs/fga/schema-management.mdx +224 -0
- package/.docs/organized/docs/fga/schema.mdx +388 -0
- package/.docs/organized/docs/fga/warrant-tokens.mdx +44 -0
- package/.docs/organized/docs/fga/warrants.mdx +92 -0
- package/.docs/organized/docs/glossary.mdx +184 -0
- package/.docs/organized/docs/integrations/_navigation.mdx +6 -0
- package/.docs/organized/docs/integrations/access-people-hr.mdx +87 -0
- package/.docs/organized/docs/integrations/adp-oidc.mdx +103 -0
- package/.docs/organized/docs/integrations/apple.mdx +169 -0
- package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +78 -0
- package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +92 -0
- package/.docs/organized/docs/integrations/auth0-saml.mdx +81 -0
- package/.docs/organized/docs/integrations/aws-cognito.mdx +81 -0
- package/.docs/organized/docs/integrations/bamboohr.mdx +90 -0
- package/.docs/organized/docs/integrations/breathe-hr.mdx +89 -0
- package/.docs/organized/docs/integrations/bubble.mdx +129 -0
- package/.docs/organized/docs/integrations/cas-saml.mdx +65 -0
- package/.docs/organized/docs/integrations/cezanne.mdx +74 -0
- package/.docs/organized/docs/integrations/classlink-saml.mdx +100 -0
- package/.docs/organized/docs/integrations/cloudflare-saml.mdx +164 -0
- package/.docs/organized/docs/integrations/cyberark-saml.mdx +138 -0
- package/.docs/organized/docs/integrations/cyberark-scim.mdx +100 -0
- package/.docs/organized/docs/integrations/duo-saml.mdx +127 -0
- package/.docs/organized/docs/integrations/entra-id-saml.mdx +156 -0
- package/.docs/organized/docs/integrations/entra-id-scim.mdx +218 -0
- package/.docs/organized/docs/integrations/firebase.mdx +98 -0
- package/.docs/organized/docs/integrations/fourth.mdx +66 -0
- package/.docs/organized/docs/integrations/github-oauth.mdx +85 -0
- package/.docs/organized/docs/integrations/gitlab-oauth.mdx +81 -0
- package/.docs/organized/docs/integrations/google-directory-sync.mdx +86 -0
- package/.docs/organized/docs/integrations/google-oauth.mdx +173 -0
- package/.docs/organized/docs/integrations/google-saml.mdx +135 -0
- package/.docs/organized/docs/integrations/hibob.mdx +98 -0
- package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +96 -0
- package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +106 -0
- package/.docs/organized/docs/integrations/keycloak-saml.mdx +128 -0
- package/.docs/organized/docs/integrations/lastpass-saml.mdx +134 -0
- package/.docs/organized/docs/integrations/linkedin-oauth.mdx +77 -0
- package/.docs/organized/docs/integrations/login-gov-oidc.mdx +103 -0
- package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +96 -0
- package/.docs/organized/docs/integrations/microsoft-oauth.mdx +101 -0
- package/.docs/organized/docs/integrations/miniorange-saml.mdx +124 -0
- package/.docs/organized/docs/integrations/net-iq-saml.mdx +75 -0
- package/.docs/organized/docs/integrations/next-auth.mdx +257 -0
- package/.docs/organized/docs/integrations/oidc.mdx +64 -0
- package/.docs/organized/docs/integrations/okta-saml.mdx +144 -0
- package/.docs/organized/docs/integrations/okta-scim.mdx +210 -0
- package/.docs/organized/docs/integrations/onelogin-saml.mdx +131 -0
- package/.docs/organized/docs/integrations/onelogin-scim.mdx +150 -0
- package/.docs/organized/docs/integrations/oracle-saml.mdx +76 -0
- package/.docs/organized/docs/integrations/pingfederate-saml.mdx +103 -0
- package/.docs/organized/docs/integrations/pingfederate-scim.mdx +150 -0
- package/.docs/organized/docs/integrations/pingone-saml.mdx +86 -0
- package/.docs/organized/docs/integrations/react-native-expo.mdx +93 -0
- package/.docs/organized/docs/integrations/rippling-saml.mdx +174 -0
- package/.docs/organized/docs/integrations/rippling-scim.mdx +148 -0
- package/.docs/organized/docs/integrations/salesforce-saml.mdx +143 -0
- package/.docs/organized/docs/integrations/saml.mdx +64 -0
- package/.docs/organized/docs/integrations/scim.mdx +64 -0
- package/.docs/organized/docs/integrations/sftp.mdx +150 -0
- package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +84 -0
- package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +84 -0
- package/.docs/organized/docs/integrations/simple-saml-php.mdx +78 -0
- package/.docs/organized/docs/integrations/slack-oauth.mdx +102 -0
- package/.docs/organized/docs/integrations/supabase.mdx +68 -0
- package/.docs/organized/docs/integrations/vmware-saml.mdx +100 -0
- package/.docs/organized/docs/integrations/workday.mdx +156 -0
- package/.docs/organized/docs/integrations/xero-oauth.mdx +83 -0
- package/.docs/organized/docs/magic-link/_navigation.mdx +16 -0
- package/.docs/organized/docs/magic-link/example-apps.mdx +46 -0
- package/.docs/organized/docs/magic-link/index.mdx +199 -0
- package/.docs/organized/docs/magic-link/launch-checklist.mdx +27 -0
- package/.docs/organized/docs/mfa/_navigation.mdx +18 -0
- package/.docs/organized/docs/mfa/example-apps.mdx +46 -0
- package/.docs/organized/docs/mfa/index.mdx +140 -0
- package/.docs/organized/docs/mfa/ux/enrollment.mdx +74 -0
- package/.docs/organized/docs/mfa/ux/sign-in.mdx +30 -0
- package/.docs/organized/docs/migrate/_navigation.mdx +6 -0
- package/.docs/organized/docs/migrate/auth0.mdx +98 -0
- package/.docs/organized/docs/migrate/aws-cognito.mdx +115 -0
- package/.docs/organized/docs/migrate/clerk.mdx +106 -0
- package/.docs/organized/docs/migrate/firebase.mdx +80 -0
- package/.docs/organized/docs/migrate/other-services.mdx +179 -0
- package/.docs/organized/docs/migrate/standalone-sso.mdx +105 -0
- package/.docs/organized/docs/on-prem-deployment.mdx +119 -0
- package/.docs/organized/docs/postman.mdx +90 -0
- package/.docs/organized/docs/reference/_navigation.mdx +527 -0
- package/.docs/organized/docs/reference/admin-portal/index.mdx +6 -0
- package/.docs/organized/docs/reference/admin-portal/portal-link/generate.mdx +268 -0
- package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +15 -0
- package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +52 -0
- package/.docs/organized/docs/reference/api-keys.mdx +22 -0
- package/.docs/organized/docs/reference/audit-logs/audit-log-export.mdx +239 -0
- package/.docs/organized/docs/reference/audit-logs/audit-log-schema.mdx +69 -0
- package/.docs/organized/docs/reference/audit-logs/create-event.mdx +673 -0
- package/.docs/organized/docs/reference/audit-logs/create-export.mdx +308 -0
- package/.docs/organized/docs/reference/audit-logs/create-schema.mdx +95 -0
- package/.docs/organized/docs/reference/audit-logs/get-export.mdx +117 -0
- package/.docs/organized/docs/reference/audit-logs/get-retention.mdx +34 -0
- package/.docs/organized/docs/reference/audit-logs/index.mdx +6 -0
- package/.docs/organized/docs/reference/audit-logs/list-actions.mdx +40 -0
- package/.docs/organized/docs/reference/audit-logs/list-schemas.mdx +40 -0
- package/.docs/organized/docs/reference/audit-logs/set-retention.mdx +39 -0
- package/.docs/organized/docs/reference/client-libraries.mdx +19 -0
- package/.docs/organized/docs/reference/directory-sync/directory/delete.mdx +90 -0
- package/.docs/organized/docs/reference/directory-sync/directory/get.mdx +105 -0
- package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +385 -0
- package/.docs/organized/docs/reference/directory-sync/directory/list.mdx +281 -0
- package/.docs/organized/docs/reference/directory-sync/directory-group/get.mdx +105 -0
- package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +277 -0
- package/.docs/organized/docs/reference/directory-sync/directory-group/list.mdx +295 -0
- package/.docs/organized/docs/reference/directory-sync/directory-user/get.mdx +112 -0
- package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +470 -0
- package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +304 -0
- package/.docs/organized/docs/reference/directory-sync/index.mdx +10 -0
- package/.docs/organized/docs/reference/domain-verification/create.mdx +38 -0
- package/.docs/organized/docs/reference/domain-verification/get.mdx +32 -0
- package/.docs/organized/docs/reference/domain-verification/index.mdx +84 -0
- package/.docs/organized/docs/reference/domain-verification/verify.mdx +36 -0
- package/.docs/organized/docs/reference/errors.mdx +30 -0
- package/.docs/organized/docs/reference/events/index.mdx +9 -0
- package/.docs/organized/docs/reference/events/list.mdx +246 -0
- package/.docs/organized/docs/reference/fga/batch-check.mdx +277 -0
- package/.docs/organized/docs/reference/fga/check.mdx +563 -0
- package/.docs/organized/docs/reference/fga/index.mdx +6 -0
- package/.docs/organized/docs/reference/fga/policy/create.mdx +27 -0
- package/.docs/organized/docs/reference/fga/policy/delete.mdx +18 -0
- package/.docs/organized/docs/reference/fga/policy/get.mdx +23 -0
- package/.docs/organized/docs/reference/fga/policy/index.mdx +52 -0
- package/.docs/organized/docs/reference/fga/policy/list.mdx +41 -0
- package/.docs/organized/docs/reference/fga/policy/update.mdx +26 -0
- package/.docs/organized/docs/reference/fga/query.mdx +375 -0
- package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +175 -0
- package/.docs/organized/docs/reference/fga/resource/create.mdx +130 -0
- package/.docs/organized/docs/reference/fga/resource/delete.mdx +86 -0
- package/.docs/organized/docs/reference/fga/resource/get.mdx +88 -0
- package/.docs/organized/docs/reference/fga/resource/index.mdx +98 -0
- package/.docs/organized/docs/reference/fga/resource/list.mdx +188 -0
- package/.docs/organized/docs/reference/fga/resource/update.mdx +115 -0
- package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +35 -0
- package/.docs/organized/docs/reference/fga/resource-type/create.mdx +24 -0
- package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +22 -0
- package/.docs/organized/docs/reference/fga/resource-type/get.mdx +23 -0
- package/.docs/organized/docs/reference/fga/resource-type/index.mdx +68 -0
- package/.docs/organized/docs/reference/fga/resource-type/list.mdx +36 -0
- package/.docs/organized/docs/reference/fga/resource-type/update.mdx +23 -0
- package/.docs/organized/docs/reference/fga/schema/apply.mdx +42 -0
- package/.docs/organized/docs/reference/fga/schema/get.mdx +24 -0
- package/.docs/organized/docs/reference/fga/schema/index.mdx +39 -0
- package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +226 -0
- package/.docs/organized/docs/reference/fga/warrant/create.mdx +215 -0
- package/.docs/organized/docs/reference/fga/warrant/delete.mdx +212 -0
- package/.docs/organized/docs/reference/fga/warrant/index.mdx +186 -0
- package/.docs/organized/docs/reference/fga/warrant/list.mdx +282 -0
- package/.docs/organized/docs/reference/idempotency.mdx +21 -0
- package/.docs/organized/docs/reference/index.mdx +194 -0
- package/.docs/organized/docs/reference/magic-link/index.mdx +8 -0
- package/.docs/organized/docs/reference/magic-link/passwordless-session/create.mdx +268 -0
- package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +203 -0
- package/.docs/organized/docs/reference/magic-link/passwordless-session/send-email.mdx +158 -0
- package/.docs/organized/docs/reference/mfa/authentication-challenge.mdx +217 -0
- package/.docs/organized/docs/reference/mfa/authentication-factor.mdx +381 -0
- package/.docs/organized/docs/reference/mfa/challenge-factor.mdx +170 -0
- package/.docs/organized/docs/reference/mfa/delete-factor.mdx +93 -0
- package/.docs/organized/docs/reference/mfa/enroll-factor.mdx +241 -0
- package/.docs/organized/docs/reference/mfa/get-factor.mdx +108 -0
- package/.docs/organized/docs/reference/mfa/index.mdx +8 -0
- package/.docs/organized/docs/reference/mfa/verify-challenge.mdx +228 -0
- package/.docs/organized/docs/reference/organization/create.mdx +216 -0
- package/.docs/organized/docs/reference/organization/delete.mdx +89 -0
- package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +40 -0
- package/.docs/organized/docs/reference/organization/get.mdx +104 -0
- package/.docs/organized/docs/reference/organization/index.mdx +274 -0
- package/.docs/organized/docs/reference/organization/list.mdx +258 -0
- package/.docs/organized/docs/reference/organization/update.mdx +236 -0
- package/.docs/organized/docs/reference/organization-domain.mdx +189 -0
- package/.docs/organized/docs/reference/pagination.mdx +244 -0
- package/.docs/organized/docs/reference/radar/attempts/create.mdx +115 -0
- package/.docs/organized/docs/reference/radar/attempts/index.mdx +7 -0
- package/.docs/organized/docs/reference/radar/attempts/update.mdx +34 -0
- package/.docs/organized/docs/reference/radar/index.mdx +8 -0
- package/.docs/organized/docs/reference/radar/lists/delete.mdx +36 -0
- package/.docs/organized/docs/reference/radar/lists/index.mdx +7 -0
- package/.docs/organized/docs/reference/radar/lists/update.mdx +36 -0
- package/.docs/organized/docs/reference/rate-limits.mdx +50 -0
- package/.docs/organized/docs/reference/roles/index.mdx +268 -0
- package/.docs/organized/docs/reference/roles/list-for-organization.mdx +152 -0
- package/.docs/organized/docs/reference/sso/connection/delete.mdx +89 -0
- package/.docs/organized/docs/reference/sso/connection/get.mdx +104 -0
- package/.docs/organized/docs/reference/sso/connection/index.mdx +388 -0
- package/.docs/organized/docs/reference/sso/connection/list.mdx +320 -0
- package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +28 -0
- package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +434 -0
- package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +21 -0
- package/.docs/organized/docs/reference/sso/index.mdx +8 -0
- package/.docs/organized/docs/reference/sso/logout/authorize.mdx +47 -0
- package/.docs/organized/docs/reference/sso/logout/index.mdx +14 -0
- package/.docs/organized/docs/reference/sso/logout/redirect.mdx +32 -0
- package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +229 -0
- package/.docs/organized/docs/reference/sso/profile/get-user-profile.mdx +127 -0
- package/.docs/organized/docs/reference/sso/profile/index.mdx +364 -0
- package/.docs/organized/docs/reference/testing.mdx +8 -0
- package/.docs/organized/docs/reference/user-management/access-token/index.mdx +13 -0
- package/.docs/organized/docs/reference/user-management/authentication/code.mdx +448 -0
- package/.docs/organized/docs/reference/user-management/authentication/email-verification.mdx +359 -0
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/error-codes.mdx +25 -0
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/index.mdx +425 -0
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/pkce.mdx +9 -0
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +23 -0
- package/.docs/organized/docs/reference/user-management/authentication/index.mdx +66 -0
- package/.docs/organized/docs/reference/user-management/authentication/magic-auth.mdx +353 -0
- package/.docs/organized/docs/reference/user-management/authentication/organization-selection.mdx +349 -0
- package/.docs/organized/docs/reference/user-management/authentication/password.mdx +350 -0
- package/.docs/organized/docs/reference/user-management/authentication/refresh-and-seal-session-data.mdx +57 -0
- package/.docs/organized/docs/reference/user-management/authentication/refresh-token.mdx +381 -0
- package/.docs/organized/docs/reference/user-management/authentication/session-cookie.mdx +79 -0
- package/.docs/organized/docs/reference/user-management/authentication/totp.mdx +369 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/email-verification-required-error.mdx +42 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/index.mdx +20 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/mfa-challenge-error.mdx +44 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/mfa-enrollment-error.mdx +37 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/organization-authentication-required-error.mdx +68 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/organization-selection-error.mdx +44 -0
- package/.docs/organized/docs/reference/user-management/authentication-errors/sso-required-error.mdx +51 -0
- package/.docs/organized/docs/reference/user-management/email-verification/get.mdx +88 -0
- package/.docs/organized/docs/reference/user-management/email-verification/index.mdx +227 -0
- package/.docs/organized/docs/reference/user-management/identity/index.mdx +74 -0
- package/.docs/organized/docs/reference/user-management/identity/list.mdx +52 -0
- package/.docs/organized/docs/reference/user-management/index.mdx +13 -0
- package/.docs/organized/docs/reference/user-management/invitation/accept.mdx +39 -0
- package/.docs/organized/docs/reference/user-management/invitation/find-by-token.mdx +87 -0
- package/.docs/organized/docs/reference/user-management/invitation/get.mdx +87 -0
- package/.docs/organized/docs/reference/user-management/invitation/index.mdx +374 -0
- package/.docs/organized/docs/reference/user-management/invitation/list.mdx +247 -0
- package/.docs/organized/docs/reference/user-management/invitation/revoke.mdx +90 -0
- package/.docs/organized/docs/reference/user-management/invitation/send.mdx +230 -0
- package/.docs/organized/docs/reference/user-management/logout/get-logout-url-from-session-cookie.mdx +52 -0
- package/.docs/organized/docs/reference/user-management/logout/get-logout-url.mdx +147 -0
- package/.docs/organized/docs/reference/user-management/logout/index.mdx +26 -0
- package/.docs/organized/docs/reference/user-management/magic-auth/create.mdx +148 -0
- package/.docs/organized/docs/reference/user-management/magic-auth/get.mdx +88 -0
- package/.docs/organized/docs/reference/user-management/magic-auth/index.mdx +225 -0
- package/.docs/organized/docs/reference/user-management/mfa/authentication-challenge.mdx +194 -0
- package/.docs/organized/docs/reference/user-management/mfa/authentication-factor.mdx +324 -0
- package/.docs/organized/docs/reference/user-management/mfa/enroll-auth-factor.mdx +296 -0
- package/.docs/organized/docs/reference/user-management/mfa/index.mdx +5 -0
- package/.docs/organized/docs/reference/user-management/mfa/list-auth-factors.mdx +194 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/create.mdx +155 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/deactivate.mdx +106 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/delete.mdx +76 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/get.mdx +95 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/index.mdx +265 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/list.mdx +291 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/reactivate.mdx +106 -0
- package/.docs/organized/docs/reference/user-management/organization-membership/update.mdx +119 -0
- package/.docs/organized/docs/reference/user-management/password-reset/create.mdx +108 -0
- package/.docs/organized/docs/reference/user-management/password-reset/get.mdx +88 -0
- package/.docs/organized/docs/reference/user-management/password-reset/index.mdx +227 -0
- package/.docs/organized/docs/reference/user-management/password-reset/reset-password.mdx +144 -0
- package/.docs/organized/docs/reference/user-management/session-helpers/authenticate.mdx +176 -0
- package/.docs/organized/docs/reference/user-management/session-helpers/get-logout-url.mdx +42 -0
- package/.docs/organized/docs/reference/user-management/session-helpers/index.mdx +14 -0
- package/.docs/organized/docs/reference/user-management/session-helpers/load-sealed-session.mdx +105 -0
- package/.docs/organized/docs/reference/user-management/session-helpers/refresh.mdx +213 -0
- package/.docs/organized/docs/reference/user-management/session-tokens/access-token.mdx +90 -0
- package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +5 -0
- package/.docs/organized/docs/reference/user-management/session-tokens/jwks.mdx +110 -0
- package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +8 -0
- package/.docs/organized/docs/reference/user-management/user/create.mdx +327 -0
- package/.docs/organized/docs/reference/user-management/user/delete.mdx +76 -0
- package/.docs/organized/docs/reference/user-management/user/get-by-external-id.mdx +39 -0
- package/.docs/organized/docs/reference/user-management/user/get.mdx +103 -0
- package/.docs/organized/docs/reference/user-management/user/index.mdx +322 -0
- package/.docs/organized/docs/reference/user-management/user/list.mdx +260 -0
- package/.docs/organized/docs/reference/user-management/user/update.mdx +344 -0
- package/.docs/organized/docs/reference/vault/index.mdx +6 -0
- package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +106 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +84 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +52 -0
- package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +58 -0
- package/.docs/organized/docs/reference/vault/key/index.mdx +25 -0
- package/.docs/organized/docs/reference/vault/object/create.mdx +62 -0
- package/.docs/organized/docs/reference/vault/object/delete.mdx +75 -0
- package/.docs/organized/docs/reference/vault/object/get.mdx +50 -0
- package/.docs/organized/docs/reference/vault/object/index.mdx +174 -0
- package/.docs/organized/docs/reference/vault/object/list.mdx +105 -0
- package/.docs/organized/docs/reference/vault/object/metadata.mdx +52 -0
- package/.docs/organized/docs/reference/vault/object/update.mdx +67 -0
- package/.docs/organized/docs/reference/vault/object/version.mdx +87 -0
- package/.docs/organized/docs/reference/vault/object/versions.mdx +83 -0
- package/.docs/organized/docs/reference/widgets/get-token.mdx +185 -0
- package/.docs/organized/docs/reference/widgets/index.mdx +6 -0
- package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +75 -0
- package/.docs/organized/docs/reference/workos-connect/index.mdx +33 -0
- package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +122 -0
- package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +25 -0
- package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +99 -0
- package/.docs/organized/docs/reference/workos-connect/metadata/openid-configuration/index.mdx +70 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +53 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +60 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/index.mdx +69 -0
- package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +46 -0
- package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/index.mdx +56 -0
- package/.docs/organized/docs/reference/workos-connect/token/index.mdx +39 -0
- package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +69 -0
- package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +46 -0
- package/.docs/organized/docs/sdks/dotnet.mdx +6 -0
- package/.docs/organized/docs/sdks/elixir.mdx +6 -0
- package/.docs/organized/docs/sdks/go.mdx +6 -0
- package/.docs/organized/docs/sdks/java.mdx +9 -0
- package/.docs/organized/docs/sdks/laravel.mdx +6 -0
- package/.docs/organized/docs/sdks/node.mdx +9 -0
- package/.docs/organized/docs/sdks/php.mdx +6 -0
- package/.docs/organized/docs/sdks/python.mdx +6 -0
- package/.docs/organized/docs/sdks/ruby.mdx +9 -0
- package/.docs/organized/docs/sso/_navigation.mdx +44 -0
- package/.docs/organized/docs/sso/_sequence-diagrams/saml-protocol-security-considerations.md +59 -0
- package/.docs/organized/docs/sso/attributes.mdx +110 -0
- package/.docs/organized/docs/sso/domains.mdx +111 -0
- package/.docs/organized/docs/sso/example-apps.mdx +46 -0
- package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +113 -0
- package/.docs/organized/docs/sso/index.mdx +295 -0
- package/.docs/organized/docs/sso/it-team-faq.mdx +35 -0
- package/.docs/organized/docs/sso/jit-provisioning.mdx +101 -0
- package/.docs/organized/docs/sso/launch-checklist.mdx +71 -0
- package/.docs/organized/docs/sso/login-flows.mdx +101 -0
- package/.docs/organized/docs/sso/redirect-uris.mdx +44 -0
- package/.docs/organized/docs/sso/saml-security.mdx +122 -0
- package/.docs/organized/docs/sso/signing-certificates.mdx +121 -0
- package/.docs/organized/docs/sso/single-logout.mdx +45 -0
- package/.docs/organized/docs/sso/test-sso.mdx +73 -0
- package/.docs/organized/docs/sso/ux/sign-in.mdx +44 -0
- package/.docs/organized/docs/user-management/_navigation.mdx +87 -0
- package/.docs/organized/docs/user-management/actions.mdx +169 -0
- package/.docs/organized/docs/user-management/authkit.mdx +69 -0
- package/.docs/organized/docs/user-management/branding.mdx +143 -0
- package/.docs/organized/docs/user-management/connect.mdx +110 -0
- package/.docs/organized/docs/user-management/custom-emails.mdx +164 -0
- package/.docs/organized/docs/user-management/directory-provisioning.mdx +78 -0
- package/.docs/organized/docs/user-management/domain-verification.mdx +28 -0
- package/.docs/organized/docs/user-management/email-password.mdx +42 -0
- package/.docs/organized/docs/user-management/email-verification.mdx +29 -0
- package/.docs/organized/docs/user-management/entitlements.mdx +46 -0
- package/.docs/organized/docs/user-management/example-apps.mdx +39 -0
- package/.docs/organized/docs/user-management/identity-linking.mdx +52 -0
- package/.docs/organized/docs/user-management/impersonation.mdx +82 -0
- package/.docs/organized/docs/user-management/index.mdx +525 -0
- package/.docs/organized/docs/user-management/invitations.mdx +60 -0
- package/.docs/organized/docs/user-management/invite-only-signup.mdx +72 -0
- package/.docs/organized/docs/user-management/jit-provisioning.mdx +36 -0
- package/.docs/organized/docs/user-management/jwt-templates.mdx +278 -0
- package/.docs/organized/docs/user-management/magic-auth.mdx +36 -0
- package/.docs/organized/docs/user-management/mcp.mdx +146 -0
- package/.docs/organized/docs/user-management/metadata.mdx +119 -0
- package/.docs/organized/docs/user-management/mfa.mdx +32 -0
- package/.docs/organized/docs/user-management/migrations.mdx +20 -0
- package/.docs/organized/docs/user-management/modeling-your-app.mdx +149 -0
- package/.docs/organized/docs/user-management/organization-policies.mdx +33 -0
- package/.docs/organized/docs/user-management/overview.mdx +46 -0
- package/.docs/organized/docs/user-management/passkeys.mdx +42 -0
- package/.docs/organized/docs/user-management/radar.mdx +127 -0
- package/.docs/organized/docs/user-management/roles-and-permissions.mdx +155 -0
- package/.docs/organized/docs/user-management/sessions.mdx +101 -0
- package/.docs/organized/docs/user-management/social-login.mdx +34 -0
- package/.docs/organized/docs/user-management/sso-with-contractors.mdx +85 -0
- package/.docs/organized/docs/user-management/sso.mdx +96 -0
- package/.docs/organized/docs/user-management/users-organizations.mdx +91 -0
- package/.docs/organized/docs/user-management/widgets.mdx +190 -0
- package/.docs/organized/docs/vault/_navigation.mdx +14 -0
- package/.docs/organized/docs/vault/index.mdx +38 -0
- package/.docs/organized/docs/vault/key-context.mdx +32 -0
- package/.docs/organized/docs/vault/quick-start.mdx +82 -0
- package/README.md +252 -0
- package/dist/chunk-64GKEK6G.js +48 -0
- package/dist/chunk-64GKEK6G.js.map +1 -0
- package/dist/get-tools.d.ts +23 -0
- package/dist/get-tools.js +8 -0
- package/dist/get-tools.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +552 -0
- package/dist/index.js.map +1 -0
- package/dist/prepare.d.ts +2 -0
- package/dist/prepare.js +269 -0
- package/dist/prepare.js.map +1 -0
- package/package.json +49 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Directory Sync
|
|
3
|
+
description: "Build frictionless onboarding for\_organizations with\_real‑time user\_provisioning and deprovisioning."
|
|
4
|
+
showNextPage: true
|
|
5
|
+
originalPath: .tmp-workos-clone/packages/docs/content/directory-sync/index.mdx
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Introduction
|
|
9
|
+
|
|
10
|
+
Organizations use company directories and HRIS systems to manage users and enforce their access to organization resources. Directories enable IT admins to activate and deactivate accounts, create groups that inform access rules, accelerate adoption of new tools, and more.
|
|
11
|
+
|
|
12
|
+
## Definitions
|
|
13
|
+
|
|
14
|
+
**ULM**
|
|
15
|
+
: User Lifecycle Management (or ULM) is the process of managing a user’s access to an app. This occurs from app onboarding until they are removed from an app. ULM is also commonly referred to as identity provisioning.
|
|
16
|
+
|
|
17
|
+
**SCIM**
|
|
18
|
+
: System for Cross-domain Identity Management (or SCIM) is an open standard for managing automated user and group provisioning. It’s a standard that many directory providers interface with.
|
|
19
|
+
|
|
20
|
+
**HRIS**
|
|
21
|
+
: A Human Resources Information System (or HRIS) is software designed to maintain, manage, and process detailed employee information and human resources-related policies. Examples include: Workday, HiBob, BambooHR, etc.
|
|
22
|
+
|
|
23
|
+
**User Provisioning**
|
|
24
|
+
: Provisioning is the process of creating a user and setting attributes for them – inside of an app.
|
|
25
|
+
|
|
26
|
+
**User Deprovisioning**
|
|
27
|
+
: Deprovisioning is the process of removing a user from an app.
|
|
28
|
+
|
|
29
|
+
## What is Directory Sync?
|
|
30
|
+
|
|
31
|
+
Directory Sync is a set of developer-friendly APIs and IT admin tools that allows you to implement enterprise-grade User Lifecycle Management (ULM) into your existing app.
|
|
32
|
+
|
|
33
|
+
ULM allows IT admins to centrally provision and deprovision users from their directory provider. A directory provider is the source of truth for your enterprise customer’s user and group lists. Directory Sync sends automatic updates to your app for changes to directories, groups, users, or access rules.
|
|
34
|
+
|
|
35
|
+
Common directory providers include: [Microsoft Active Directory](/integrations/microsoft-ad-fs-saml), [Okta](/integrations/okta-scim), [Workday](/integrations/workday), and [Google Workspace](/integrations/google-directory-sync). See the full list of supported directory providers on the [integrations](/integrations) page.
|
|
36
|
+
|
|
37
|
+
## Why use Directory Sync?
|
|
38
|
+
|
|
39
|
+
ULM increases the security of your app and makes it easier for your customers to use your app. ULM is most often implemented using [SCIM](/glossary/scim). SCIM requests are sent between directory providers and your app to inform you of changes to a user’s identity. Changes can include:
|
|
40
|
+
|
|
41
|
+
- Provisioning an identity for a user (account creation)
|
|
42
|
+
- When a user’s attribute has changed (account update)
|
|
43
|
+
- Deprovisioning a user from your app (account deletion)
|
|
44
|
+
|
|
45
|
+
Each directory provider implements SCIM differently. Implementing SCIM is often a challenging process and can introduce security vulnerabilities into your app. Directory Sync hides this complexity, so you can focus on building core product features in your app.
|
|
46
|
+
|
|
47
|
+
## What your customer experiences
|
|
48
|
+
|
|
49
|
+
Let’s take a look at two different user provisioning scenarios.
|
|
50
|
+
|
|
51
|
+
### (N) Your app doesn’t use Directory Sync
|
|
52
|
+
|
|
53
|
+
Without ULM, your customers have to manually add, update, and remove users from your app.
|
|
54
|
+
|
|
55
|
+
Imagine a scenario where your customer has purchased your software and onboards a new employee to your app. Your customer would have to do the following:
|
|
56
|
+
|
|
57
|
+
1. The IT admin provisions the employee in their directory provider (_if they use one_) and manually in your app.
|
|
58
|
+
2. All employee information has to be set manually in both the directory provider and your app.
|
|
59
|
+
3. The IT admin has to manually provision a login method for the employee; through either SSO (_if they use an identity provider_) or a self-registration page.
|
|
60
|
+
4. The IT admin sends the invite link to their employee. Often initiating a back and forth via either email, messaging app, or IT helpdesk ticket.
|
|
61
|
+
5. The employee has to proceed with the registration method and can then use your app.
|
|
62
|
+
|
|
63
|
+
All future changes to this employee’s data and access are manually entered by the IT admin. This is error prone and can lead to security vulnerabilities where users get unauthorized access to resources.
|
|
64
|
+
|
|
65
|
+
As your customers adopt more cloud software, these manual processes do not scale well. Manual input error can lead to the source of truth (directory) drifting from your app’s state. As a result, ULM has become a table stakes product requirement for enterprises.
|
|
66
|
+
|
|
67
|
+
### (Y) Your app uses Directory Sync
|
|
68
|
+
|
|
69
|
+
If your app supports ULM via Directory Sync, the IT admin can provision this employee from one place:
|
|
70
|
+
|
|
71
|
+
1. Add the employee to their directory provider.
|
|
72
|
+
2. Assign the employee to your app with the appropriate role once; via the directory provider admin page.
|
|
73
|
+
3. **Optional.** Have the employee go through a password setup if they are not using an identity provider (SSO).
|
|
74
|
+
|
|
75
|
+
Directory Sync makes this integration easy by providing APIs your app interfaces with. All updates for this directory will automatically be sent to your app from WorkOS.
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
## API overview
|
|
80
|
+
|
|
81
|
+
[Directory](/reference/directory-sync/directory), [directory group](/reference/directory-sync/directory-group), and [directory user](/reference/directory-sync/directory-user) are the main components your app interfaces with.
|
|
82
|
+
|
|
83
|
+
### Directory
|
|
84
|
+
|
|
85
|
+
<DirectorySyncDiagram.Directory />
|
|
86
|
+
|
|
87
|
+
A directory is the source of truth for your customer’s user and group lists.
|
|
88
|
+
|
|
89
|
+
WorkOS supports dozens of integrations including SCIM. Directory updates are delivered to you via webhooks. Your app stores a mapping between your customer and their directory. This allows you to maintain your app in sync with the directory provider used by your customer.
|
|
90
|
+
|
|
91
|
+
You can enable self-service Directory Sync setup for your customers using the [Admin Portal](/admin-portal).
|
|
92
|
+
|
|
93
|
+
### Directory group
|
|
94
|
+
|
|
95
|
+
<DirectorySyncDiagram.Group />
|
|
96
|
+
|
|
97
|
+
A directory group is a collection of users within an organization who have been provisioned with access to your app.
|
|
98
|
+
|
|
99
|
+
Directory groups are mapped from directory provider groups. Directory groups are most often used to categorize a collection of users based on shared traits. i.e. Grouping software developers at a company under an “Engineering” group.
|
|
100
|
+
|
|
101
|
+
### Directory user
|
|
102
|
+
|
|
103
|
+
<DirectorySyncDiagram.User />
|
|
104
|
+
|
|
105
|
+
A directory user is a person or entity within an organization who has been provisioned with access to your app.
|
|
106
|
+
|
|
107
|
+
Users can belong to multiple directory groups. Users have [attributes](/directory-sync/attributes) associated with them. These attributes can be configured for your app’s needs.
|
|
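Review bot: The provider list at new-file line 35 links "Microsoft Active Directory" to `/integrations/microsoft-ad-fs-saml`, a path named for AD FS SAML, while the other three entries point at directory integrations (`okta-scim`, `workday`, `google-directory-sync`). Confirm the target, and link the directory integration page for Active Directory instead if one exists. At line 99, "i.e." introduces an example (grouping software developers under an "Engineering" group), so it should read "e.g.". The `originalPath` value at line 5 also carries the build-time `.tmp-workos-clone/` prefix into the published file; consider stripping it during packaging.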
@@ -0,0 +1,129 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Quick Start
|
|
3
|
+
description: "Set up a directory, install the SDK, and\_integrate Directory\_Sync."
|
|
4
|
+
showNextPage: true
|
|
5
|
+
originalPath: .tmp-workos-clone/packages/docs/content/directory-sync/quick-start.mdx
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## What you’ll build
|
|
9
|
+
|
|
10
|
+
In this guide, we’ll take you from learning about Directory Sync and POC-ing all the way through to building production-ready features fully integrated with the WorkOS Directory Sync API.
|
|
11
|
+
|
|
12
|
+
This guide will show you how to:
|
|
13
|
+
|
|
14
|
+
1. Create a new directory in the WorkOS Dashboard
|
|
15
|
+
2. Add Directory Sync to your app and fetch directory resources
|
|
16
|
+
3. Use events to keep your app in sync with the directory changes
|
|
17
|
+
|
|
18
|
+
## Before getting started
|
|
19
|
+
|
|
20
|
+
To get the most out of this guide, you’ll need:
|
|
21
|
+
|
|
22
|
+
- A [WorkOS account](https://dashboard.workos.com/)
|
|
23
|
+
- A directory from a directory provider that WorkOS supports
|
|
24
|
+
|
|
25
|
+
## API object definitions
|
|
26
|
+
|
|
27
|
+
[Directory](/reference/directory-sync/directory)
|
|
28
|
+
: Stores info about an organization’s user management system (i.e. directory provider).
|
|
29
|
+
|
|
30
|
+
[Directory user](/reference/directory-sync/directory-user)
|
|
31
|
+
: Represents an organization user that is active in an organization’s directory provider.
|
|
32
|
+
|
|
33
|
+
[Directory group](/reference/directory-sync/directory-group)
|
|
34
|
+
: A collection of organization users within a directory, e.g. IT, database admins, HR.
|
|
35
|
+
|
|
36
|
+
> The WorkOS Directory Sync API exclusively uses read-only operations. We never mutate end-user directories.
|
|
37
|
+
|
|
38
|
+
---
|
|
39
|
+
|
|
40
|
+
## (1) Create a new directory connection
|
|
41
|
+
|
|
42
|
+
The first step to connecting with a directory is creating an organization in the [WorkOS Dashboard](https://dashboard.workos.com/). You will then be able to create a new [connection](/glossary/connection) to the organization’s directory. Let’s start by creating one for development in your sandbox environment
|
|
43
|
+
|
|
44
|
+
Get provider-specific instructions by selecting the directory provider you want to test:
|
|
45
|
+
|
|
46
|
+
<ProviderCards.DirSyncIntegration />
|
|
47
|
+
|
|
48
|
+
> You can view and copy the unique identifier for the directory connection on the directory page, once it has been set up. The id takes the form `directory_*`.
|
|
49
|
+
|
|
50
|
+
---
|
|
51
|
+
|
|
52
|
+
## (2) Add Directory Sync to your app
|
|
53
|
+
|
|
54
|
+
Let’s integrate the Directory Sync API into your app to enable fetching directory resources programmatically.
|
|
55
|
+
|
|
56
|
+
### Install the WorkOS SDK
|
|
57
|
+
|
|
58
|
+
WorkOS offers native SDKs in several popular programming languages. Choose a language below to see instructions in your application’s language.
|
|
59
|
+
|
|
60
|
+
<LanguageSelector>
|
|
61
|
+
Install the SDK using the command below.
|
|
62
|
+
|
|
63
|
+
<CodeBlock title="Install the WorkOS SDK" file="install-sdk">
|
|
64
|
+
<CodeBlockTab language="js" file="install-sdk-npm" title="npm" />
|
|
65
|
+
<CodeBlockTab language="js" file="install-sdk-yarn" title="Yarn" />
|
|
66
|
+
<CodeBlockTab language="java" file="install-sdk-maven" title="Maven" />
|
|
67
|
+
<CodeBlockTab language="java" file="install-sdk-gradle" title="Gradle" />
|
|
68
|
+
<CodeBlockTab language="ruby" file="install-sdk-terminal" title="Terminal" />
|
|
69
|
+
<CodeBlockTab language="ruby" file="install-sdk-bundler" title="Bundler" />
|
|
70
|
+
</CodeBlock>
|
|
71
|
+
</LanguageSelector>
|
|
72
|
+
|
|
73
|
+
### Set secrets
|
|
74
|
+
|
|
75
|
+
To make calls to WorkOS, provide the API key and, in some cases, the client ID. Store these values as managed secrets, such as `WORKOS_API_KEY` and `WORKOS_CLIENT_ID`, and pass them to the SDKs either as environment variables or directly in your app's configuration based on your preferences.
|
|
76
|
+
|
|
77
|
+
```plain title="Environment variables"
|
|
78
|
+
WORKOS_API_KEY='sk_example_123456789'
|
|
79
|
+
WORKOS_CLIENT_ID='client_123456789'
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
> The code examples use your staging API keys when [signed in](https://dashboard.workos.com).
|
|
83
|
+
|
|
84
|
+
### Fetch directory resources
|
|
85
|
+
|
|
86
|
+
Get the details of an existing directory user.
|
|
87
|
+
|
|
88
|
+
Example use case: pre-populate user attributes for new user accounts.
|
|
89
|
+
|
|
90
|
+
<CodeBlock title="Get directory user" file="get-directory-user" />
|
|
91
|
+
|
|
92
|
+
#### List directory users
|
|
93
|
+
|
|
94
|
+
Get directory users for a given directory or directory group.
|
|
95
|
+
|
|
96
|
+
Example use case: Build an onboarding experience that allows an admin to select who to invite and create accounts for.
|
|
97
|
+
|
|
98
|
+
<CodeBlock title="List directory users" file="list-directory-users" />
|
|
99
|
+
|
|
100
|
+
> Use the optional `limit`, `before`, and `after` parameters to paginate through results. See the [API Reference](/reference/pagination) for details.
|
|
101
|
+
|
|
102
|
+
#### Get directory group
|
|
103
|
+
|
|
104
|
+
Get the details of an existing directory group.
|
|
105
|
+
|
|
106
|
+
Example use case: Pre-populate team attributes for new organizations.
|
|
107
|
+
|
|
108
|
+
<CodeBlock title="Get directory group" file="get-directory-group" />
|
|
109
|
+
|
|
110
|
+
#### List directory groups
|
|
111
|
+
|
|
112
|
+
Get directory groups for a given directory or directory user.
|
|
113
|
+
|
|
114
|
+
Example use case: Build an onboarding experience that allows an admin to select which groups of employees to invite and create accounts for.
|
|
115
|
+
|
|
116
|
+
<CodeBlock title="List directory groups" file="list-directory-groups" />
|
|
117
|
+
|
|
118
|
+
> Use the optional `limit`, `before`, and `after` parameters to paginate through results. See the [API Reference](/reference/pagination) for details.
|
|
119
|
+
|
|
120
|
+
---
|
|
121
|
+
|
|
122
|
+
## (3) Handle directory events
|
|
123
|
+
|
|
124
|
+
Actions performed in a WorkOS environment are represented by events. These can occur as a result of user-related actions, manually via the WorkOS dashboard, or via API calls. To keep your app in sync with the latest directory data, follow the corresponding guides:
|
|
125
|
+
|
|
126
|
+
- Learn about the different types of events that you can receive. See [event types](/events).
|
|
127
|
+
- Handle the events you need on your side by syncing the data. See the [data syncing guide](/events/data-syncing).
|
|
128
|
+
- Understand how directory events work. See the [understanding events guide](/directory-sync/understanding-events).
|
|
129
|
+
- Optionally, stream events to Datadog. See the [observability guide](/events/observability/datadog).
|
|
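Review bot: The "Set secrets" paragraph at new-file line 75 offers passing `WORKOS_API_KEY` "directly in your app's configuration based on your preferences" as an equal alternative to environment variables, which reads as permission to hard-code the key. Suggest stating that the key is read from the secret store at runtime and is never committed to source control. The note at line 82 ("The code examples use your staging API keys when signed in") and the `<CodeBlock ... file="get-directory-user" />` style references at lines 90 to 116 depend on the docs site: this hunk has no signed-in state and shows no snippet bodies, so either inline the snippets or drop the note for the packaged copy. Line 42 is missing its final period after "sandbox environment".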
@@ -0,0 +1,209 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Understanding the Events Lifecycle
|
|
3
|
+
description: Understand the lifecycle of the events that occur in Directory Sync.
|
|
4
|
+
originalPath: >-
|
|
5
|
+
.tmp-workos-clone/packages/docs/content/directory-sync/understanding-events.mdx
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Introduction
|
|
9
|
+
|
|
10
|
+
Directory Sync events represent actions performed within directory providers. For example, an action could mean an IT admin assigning a user to your app or modifying a user group assigned to your app. These actions form the basis of user lifecycle management (ULM).
|
|
11
|
+
|
|
12
|
+
WorkOS provides information about these actions through a set of structured events. This reference guide will cover the events Directory Sync produces and what they mean. To learn about how to handle these events on your side, see the [data syncing guide](/events/data-syncing).
|
|
13
|
+
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
## Directory events
|
|
17
|
+
|
|
18
|
+
### `dsync.activated`
|
|
19
|
+
|
|
20
|
+
This event occurs when you or your customer have successfully created a connection between WorkOS and your customer’s directory provider.
|
|
21
|
+
|
|
22
|
+
- | Lifecycle
|
|
23
|
+
|
|
24
|
+
<DirectorySyncDiagram.DirectoryActivated />
|
|
25
|
+
|
|
26
|
+
- | Payload
|
|
27
|
+
|
|
28
|
+
<CodeBlock title="Sample event object" file="event-dsync-activated" />
|
|
29
|
+
|
|
30
|
+
`dsync.activated` is triggered if you manually create the directory connection in the [Developer Dashboard](https://dashboard.workos.com/), or your customer sets the connection up using the [Admin Portal](/admin-portal).
|
|
31
|
+
|
|
32
|
+
The directory ID identifies a connection with the directory of a particular customer. Your app should save it and associate the directory ID with the corresponding organization ID.
|
|
33
|
+
|
|
34
|
+
### `dsync.deleted`
|
|
35
|
+
|
|
36
|
+
This event occurs when a Directory Sync connection is deleted in WorkOS, thus tearing down the link between your customer’s directory provider and your app.
|
|
37
|
+
|
|
38
|
+
- | Lifecycle
|
|
39
|
+
|
|
40
|
+
<DirectorySyncDiagram.DirectoryDeleted />
|
|
41
|
+
|
|
42
|
+
- | Payload
|
|
43
|
+
|
|
44
|
+
<CodeBlock title="Sample event object" file="event-dsync-deleted" />
|
|
45
|
+
|
|
46
|
+
A connection can be deleted through the [Admin Portal](/admin-portal), [Developer Dashboard](https://dashboard.workos.com), or [WorkOS API](/reference/directory-sync/directory/delete). At this point your app should remove the association between the corresponding organization and its directory, as it no longer exists. Directories, users, and groups are typically deleted if your app offboards a customer altogether.
|
|
47
|
+
|
|
48
|
+
When receiving a `dsync.deleted` event, you can ignore the connection’s `state` attribute, since it indicates the state before the deletion occurs. When a directory is deleted in WorkOS, a sole `dsync.deleted` event is sent.
|
|
49
|
+
|
|
50
|
+
When a `dsync.deleted` event is received, it indicates that the users and groups in that directory have been deleted in WorkOS. You can process the `dsync.deleted` event accordingly in your application, removing the organization’s groups and its users from your application or marking them as deleted. `dsync.user.deleted` and `dsync.group.deleted` events will not be sent for the deleted directory.
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## Directory user events
|
|
55
|
+
|
|
56
|
+
### `dsync.user.created`
|
|
57
|
+
|
|
58
|
+
This event occurs when an IT admin creates a user using their directory provider. It is standard to create and provision the user in your app when you receive this event.
|
|
59
|
+
|
|
60
|
+
- | Lifecycle
|
|
61
|
+
|
|
62
|
+
<DirectorySyncDiagram.UserCreated />
|
|
63
|
+
|
|
64
|
+
- | Payload
|
|
65
|
+
|
|
66
|
+
<CodeBlock title="Sample event object" file="event-dsync-user-created" />
|
|
67
|
+
|
|
68
|
+
You can add this user to your users table in your app and associate them with the directory ID and organization ID. You can begin to engage with the user at this point, e.g., send the user a “Getting Started” email.
|
|
69
|
+
|
|
70
|
+
During the initial sync of any directory, you will receive a `dsync.user.created` event for each existing user in the directory.
|
|
71
|
+
|
|
72
|
+
### `dsync.user.updated`
|
|
73
|
+
|
|
74
|
+
This event occurs when users’ attributes change. These attributes may be [standard attributes](/directory-sync/attributes/standard-attributes), [auto-mapped attributes](/directory-sync/attributes/custom-attributes/auto-mapped-attributes), or [custom-mapped attributes](/directory-sync/attributes/custom-attributes/custom-mapped-attributes).
|
|
75
|
+
|
|
76
|
+
- | Lifecycle
|
|
77
|
+
|
|
78
|
+
<DirectorySyncDiagram.UserUpdated />
|
|
79
|
+
|
|
80
|
+
- | Payload
|
|
81
|
+
|
|
82
|
+
<CodeBlock title="Sample event object" file="event-dsync-user-updated" />
|
|
83
|
+
|
|
84
|
+
The payload for `dsync.user.updated` event shows changes between directory group snapshots in the `previous_attributes` property.
|
|
85
|
+
|
|
86
|
+
The changes in the object are shallow differences for root properties, `raw_attributes`, and `custom_attributes`. If the current snapshot has a new attribute that did not exist previously, then the value for the attribute will be indicated as `null`.
|
|
87
|
+
|
|
88
|
+
### `dsync.user.deleted`
|
|
89
|
+
|
|
90
|
+
This event occurs when a user is hard-deleted from a directory. Typically, you would remove the user from your app in this case.
|
|
91
|
+
|
|
92
|
+
- | Lifecycle
|
|
93
|
+
|
|
94
|
+
<DirectorySyncDiagram.UserDeleted />
|
|
95
|
+
|
|
96
|
+
- | Payload
|
|
97
|
+
|
|
98
|
+
<CodeBlock title="Sample event object" file="event-dsync-user-deleted" />
|
|
99
|
+
|
|
100
|
+
When users are removed from a directory, most providers will use a form of soft user deletion. In these cases, rather than receiving a `dsync.user.deleted` event, you will receive a `dsync.user.updated` event with the user’s `state` marked as `inactive`.
|
|
101
|
+
|
|
102
|
+
> After Oct. 19, 2023, all new environments will delete Directory Users that get moved to the "inactive" state. If you would like to retain these users, please reach out to support. You can find [more details here](/directory-sync/handle-inactive-users).
|
|
103
|
+
|
|
104
|
+
---
|
|
105
|
+
|
|
106
|
+
## Directory group events
|
|
107
|
+
|
|
108
|
+
### `dsync.group.created`
|
|
109
|
+
|
|
110
|
+
This event occurs when creating a directory group in the directory provider. WorkOS also sends this event when a directory connection is established.
|
|
111
|
+
|
|
112
|
+
- | Lifecycle
|
|
113
|
+
|
|
114
|
+
<DirectorySyncDiagram.GroupCreated />
|
|
115
|
+
|
|
116
|
+
- | Payload
|
|
117
|
+
|
|
118
|
+
<CodeBlock title="Sample event object" file="event-dsync-group-created" />
|
|
119
|
+
|
|
120
|
+
When WorkOS ingests this event, it first processes the users in the group. So, in most cases, you would receive `dsync.user.created`, then `dsync.group.created`, and finally, `dsync.group.user_added`.
|
|
121
|
+
|
|
122
|
+
For more information on best practices for out-of-sequence events, see the [data syncing guide](/events/data-syncing).
|
|
123
|
+
|
|
124
|
+
### `dsync.group.updated`
|
|
125
|
+
|
|
126
|
+
This event is sent when an attribute of a directory group has changed.
|
|
127
|
+
|
|
128
|
+
- | Lifecycle
|
|
129
|
+
|
|
130
|
+
<DirectorySyncDiagram.GroupUpdated />
|
|
131
|
+
|
|
132
|
+
- | Payload
|
|
133
|
+
|
|
134
|
+
<CodeBlock title="Sample event object" file="event-dsync-group-updated" />
|
|
135
|
+
|
|
136
|
+
The payload for `dsync.group.updated` events shows changes between directory group snapshots in the `previous_attributes` property.
|
|
137
|
+
|
|
138
|
+
The changes in the object are shallow differences for root properties, `raw_attributes`, and `custom_attributes`. If the current snapshot has a new attribute that did not exist previously, then the value for the attribute will be indicated as `null`.
|
|
139
|
+
|
|
140
|
+
### `dsync.group.deleted`
|
|
141
|
+
|
|
142
|
+
This event occurs when deleting a directory group in the directory provider.
|
|
143
|
+
|
|
144
|
+
When a `dsync.group.deleted` event is received, it indicates that the members in that group have been deleted in WorkOS. You can process the `dsync.group.deleted` event accordingly in your application, removing the group's members from your application or marking them as deleted. `dsync.group.user_removed` events will not be sent for the members in the deleted group.
|
|
145
|
+
|
|
146
|
+
- | Lifecycle
|
|
147
|
+
|
|
148
|
+
<DirectorySyncDiagram.GroupDeleted />
|
|
149
|
+
|
|
150
|
+
- | Payload
|
|
151
|
+
|
|
152
|
+
<CodeBlock title="Sample event object" file="event-dsync-group-deleted" />
|
|
153
|
+
|
|
154
|
+
If your app relies on groups to sync users or map roles, you should remove access for the users who belonged to the deleted group.
|
|
155
|
+
|
|
156
|
+
### `dsync.group.user_added`
|
|
157
|
+
|
|
158
|
+
This event occurs when adding a directory user to a directory group.
|
|
159
|
+
|
|
160
|
+
- | Lifecycle
|
|
161
|
+
|
|
162
|
+
<DirectorySyncDiagram.GroupUserAdded />
|
|
163
|
+
|
|
164
|
+
- | Payload
|
|
165
|
+
|
|
166
|
+
<CodeBlock title="Sample event object" file="event-dsync-group-user-added" />
|
|
167
|
+
|
|
168
|
+
If you map roles using groups, you should assign the group’s role to the newly added user.
|
|
169
|
+
|
|
170
|
+
### `dsync.group.user_removed`
|
|
171
|
+
|
|
172
|
+
This event occurs when removing a directory user from a directory group.
|
|
173
|
+
|
|
174
|
+
- | Lifecycle
|
|
175
|
+
|
|
176
|
+
<DirectorySyncDiagram.GroupUserRemoved />
|
|
177
|
+
|
|
178
|
+
- | Payload
|
|
179
|
+
|
|
180
|
+
<CodeBlock
|
|
181
|
+
title="Sample event object"
|
|
182
|
+
file="event-dsync-group-user-removed"
|
|
183
|
+
/>
|
|
184
|
+
|
|
185
|
+
If you map roles using groups, you should remove the group’s role from the user who belonged to the group.
|
|
186
|
+
|
|
187
|
+
---
|
|
188
|
+
|
|
189
|
+
## Data reconciliation techniques
|
|
190
|
+
|
|
191
|
+
### With the WorkOS state API
|
|
192
|
+
|
|
193
|
+
The WorkOS API allows for data reconciliation for your app. You can use the WorkOS API to pull the latest data to reconcile any data discrepancies between WorkOS and your app.
|
|
194
|
+
|
|
195
|
+
A standard method apps use for data reconciliation is to set up a cron job that pulls from the WorkOS API on a consistent interval, e.g., every 1 to 6 hours, depending on your app’s user provisioning volume.
|
|
196
|
+
|
|
197
|
+
> **Known issue:** Keeping track of WorkOS updated timestamps is of limited use right now because group membership changes for users do not alter the WorkOS `updated_at` timestamp. We're actively working on this issue.
|
|
198
|
+
|
|
199
|
+
The general approach for performing a full sync of Directory Sync objects goes as follows:
|
|
200
|
+
|
|
201
|
+
1. Traverse all directory groups and update all local objects.
|
|
202
|
+
2. Traverse all directory users and update all local objects.
|
|
203
|
+
3. Extract group membership information from each user. Compare with local membership state. Add and remove memberships accordingly.
|
|
204
|
+
4. Compare the list of local users to all users seen in WorkOS traversal. Deactivate any users that exist locally but not on WorkOS.
|
|
205
|
+
5. Compare the list of local groups to all groups seen on WorkOS traversal. Deactivate any groups that exist locally but not on WorkOS.
|
|
206
|
+
|
|
207
|
+
### With the events API
|
|
208
|
+
|
|
209
|
+
You can also reconcile directory data using the events API. See our [data syncing guide](/events/data-syncing/data-reconciliation) to learn more.
|
|
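Review bot: At new-file line 84 the `dsync.user.updated` text says the payload "shows changes between directory group snapshots"; this looks copied from the `dsync.group.updated` sentence at line 136 and should read "directory user snapshots". Lines 100 to 102 explain that most providers soft-delete, so the signal is a `dsync.user.updated` event with `state` marked `inactive` rather than `dsync.user.deleted`, but only the hard-delete case at line 90 says what the app should do. Add a sentence telling integrators to revoke access on the `inactive` state as well, otherwise a handler keyed only on `dsync.user.deleted` leaves deprovisioned users active. Lines 86 and 138 should also say in which object the `null` appears, since "the value for the attribute" is ambiguous between the current snapshot and `previous_attributes`.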
@@ -0,0 +1,60 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: API
|
|
3
|
+
description: Programmatic domain verification
|
|
4
|
+
showNextPage: true
|
|
5
|
+
originalPath: .tmp-workos-clone/packages/docs/content/domain-verification/api.mdx
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
Instead of leveraging the Admin Portal, the Domain Verification API can be used to verify domains programmatically.
|
|
9
|
+
|
|
10
|
+
Integrating with the API goes as follows:
|
|
11
|
+
|
|
12
|
+
1. Create an Organization Domain for an Organization
|
|
13
|
+
2. Share the token and setup instructions with the Organization owner (IT Admin)
|
|
14
|
+
3. Wait for the verification to complete
|
|
15
|
+
|
|
16
|
+
## Create a new Organization Domain
|
|
17
|
+
|
|
18
|
+
All domains belong to an [Organization](/reference/organization). In order to create and verify a domain, an Organization must first be [created](/reference/organization/create).
|
|
19
|
+
|
|
20
|
+
<CodeBlock title="Create an Organization Domain">
|
|
21
|
+
<CodeBlockTab title="Request" file="create-organization-domain" />
|
|
22
|
+
<CodeBlockTab title="Response" file="create-organization-domain-response" />
|
|
23
|
+
</CodeBlock>
|
|
24
|
+
|
|
25
|
+
The `verification_token` returned can then be set as the value of a TXT record that WorkOS will periodically check until the record is found. The TXT record for the above response example would be:
|
|
26
|
+
|
|
27
|
+
- Name: `domain-to-verify.com`
|
|
28
|
+
- Value: `verification_token=3CVZxo4HgvSiYRKlV4RdOWwWl`
|
|
29
|
+
|
|
30
|
+
## Get a domain
|
|
31
|
+
|
|
32
|
+
Fetch an existing domain and it’s current verification status. This endpoint can be polled once verification has been initiated to determine if verification has been successful.
|
|
33
|
+
|
|
34
|
+
<CodeBlock title="Fetch an Organization Domain">
|
|
35
|
+
<CodeBlockTab title="Request" file="get-organization-domain" />
|
|
36
|
+
<CodeBlockTab title="Response" file="get-organization-domain-response" />
|
|
37
|
+
</CodeBlock>
|
|
38
|
+
|
|
39
|
+
Possible `state` values:
|
|
40
|
+
|
|
41
|
+
- `pending`: domain verification has been initiated and not yet completed
|
|
42
|
+
- `verified`: domain has been verified
|
|
43
|
+
- `failed`: domain was not able to be verified
|
|
44
|
+
|
|
45
|
+
Possible `verification_strategy` values:
|
|
46
|
+
|
|
47
|
+
- `dns`: domain is verified with the DNS flow
|
|
48
|
+
- `developer`: domain is verified by a person or a system, without running the DNS flow
|
|
49
|
+
|
|
50
|
+
## Initiate verification for existing domain
|
|
51
|
+
|
|
52
|
+
If a domain has not successfully verified within thirty days and moves to the `failed` state, verification can be restarted manually.
|
|
53
|
+
|
|
54
|
+
<CodeBlock title="Verify an existing Organization Domain">
|
|
55
|
+
<CodeBlockTab title="Request" file="verify-existing-organization-domain" />
|
|
56
|
+
<CodeBlockTab
|
|
57
|
+
title="Response"
|
|
58
|
+
file="verify-existing-organization-domain-response"
|
|
59
|
+
/>
|
|
60
|
+
</CodeBlock>
|
|
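Review bot: Lines 25 to 28 disagree on what goes in the TXT record: line 25 says the returned `verification_token` "can then be set as the value of a TXT record", while line 28 shows the value as `verification_token=3CVZxo4HgvSiYRKlV4RdOWwWl`, with a key prefix. State explicitly whether the `verification_token=` prefix is part of the record value, because per lines 25 and 52 a record that is never found leaves the domain unverified until it moves to `failed`. The `failed` description at line 43 should mention the thirty-day window that line 52 introduces, and line 48 should say who is permitted to mark a domain verified with the `developer` strategy, since it skips the DNS flow. Line 32 has "it’s" where "its" is meant.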
@@ -0,0 +1,67 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Domain Verification
|
|
3
|
+
description: Self-serve domain verification
|
|
4
|
+
showNextPage: true
|
|
5
|
+
originalPath: .tmp-workos-clone/packages/docs/content/domain-verification/index.mdx
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Introduction
|
|
9
|
+
|
|
10
|
+
Domain Verification allows your customers to claim ownership of a domain. Once they have claimed ownership, features that require a higher level of trust and security can be activated.
|
|
11
|
+
|
|
12
|
+
WorkOS Domain Verification provides a self-serve flow through the Admin Portal in which IT Admins can prove ownership through the creation of DNS TXT records.
|
|
13
|
+
|
|
14
|
+
## Before getting started
|
|
15
|
+
|
|
16
|
+
You’ll need a [WorkOS account](https://dashboard.workos.com/).
|
|
17
|
+
|
|
18
|
+
### API object definitions
|
|
19
|
+
|
|
20
|
+
[Organization](/reference/organization)
|
|
21
|
+
: Describes an organization whose users sign in with a SSO Connection, or whose users are synced with a Directory Sync Connection.
|
|
22
|
+
|
|
23
|
+
[Organization Domain](/reference/organization-domain)
|
|
24
|
+
: Describes a domain associated to an organization, verified or unverified.
|
|
25
|
+
|
|
26
|
+
[Portal Link](/reference/admin-portal/portal-link)
|
|
27
|
+
: A temporary link to initiate an Admin Portal session. Valid for 5 minutes.
|
|
28
|
+
|
|
29
|
+
All domains belong to an [Organization](/reference/organization). In order to create and verify a domain through the Admin Portal, an Organization must first be [created](/reference/organization/create).
|
|
30
|
+
|
|
31
|
+
## (A) Setup link from the WorkOS dashboard
|
|
32
|
+
|
|
33
|
+
- Sign in to your [WorksOS dashboard](https://dashboard.workos.com/) account and create or locate an Organization.
|
|
34
|
+
- Click the “Invite Admin” button, select **Domain Verification** then click “Next." Enter the email of the IT admin for the organization to automatically send them a setup link, or click "Copy setup link".
|
|
35
|
+
|
|
36
|
+
If you chose to copy the setup link you can share it over email, Slack or direct message. We also recommend including details on what the link does and how long the link is active.
|
|
37
|
+
|
|
38
|
+

|
|
39
|
+
|
|
40
|
+
## (B) Integrate with your app
|
|
41
|
+
|
|
42
|
+
Admin Portal links can also be programmatically generated for the domain verification flow. This can be used to provide a link to the Admin Portal flow directly in your application.
|
|
43
|
+
|
|
44
|
+
You’ll have to generate the link with the `domain_verification` intent:
|
|
45
|
+
|
|
46
|
+
<CodeBlock
|
|
47
|
+
title="Create Admin Portal Link for Domain Verification"
|
|
48
|
+
file="create-admin-portal-link"
|
|
49
|
+
/>
|
|
50
|
+
|
|
51
|
+
Please refer to the [Admin Portal Integration Guide](/admin-portal/b-integrate-with-your-app) for additional integration details.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Admin Portal domain verification
|
|
56
|
+
|
|
57
|
+
After receiving the invitation and clicking on the setup link, the organization's admin is prompted to enter the domain they wish to verify.
|
|
58
|
+
|
|
59
|
+

|
|
60
|
+
|
|
61
|
+
If the domain is valid, we identify the DNS service provider and offer custom setup instructions.
|
|
62
|
+
|
|
63
|
+
The admin will find instruction to add a DNS TXT record with a token generated by our system.
|
|
64
|
+
|
|
65
|
+

|
|
66
|
+
|
|
67
|
+
When we detect and verify the DNS record, we will mark the domain as `verified` and dispatch a [domain verification event](/events) to inform your application.
|
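Review bot: Line 36 recommends telling the recipient "how long the link is active", but the page never states the lifetime of the dashboard setup link; the only duration given is "Valid for 5 minutes" for a Portal Link at line 27. State the setup link's lifetime in section (A), or say whether the 5-minute limit applies to it, since the text suggests sharing the link over email, Slack or direct message. Smaller fixes in the same hunk: "WorksOS dashboard" at line 33 should read "WorkOS dashboard", line 34 mixes curly and straight quotes around "Next.", and "instruction" at line 63 should be "instructions".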