Permission Management
Overview
Using the permissions management APIs enables administrators to manage their permissions utilizing a management key.
Management keys are generated from Company > Management Keys. These keys will be used within the bearer token. The format is <Project ID>:<Management Key>
.
Use Cases
SSO Management:
- Load All Permissions
- Create Permission
- Update Permission
- Delete Permission
Examples
Example - Configure a new permission and apply it to a role
- Utilize the Create Permission api endpoint to create a new permission.
- Utilize the Create Role or Update Role api endpoints to apply the permission to a role.
Load All Members of a specific External Group POST
### Load all members of a specific External group, using a valid management key. This API endpoint allows administrators to load all members of a specific external group that is associated to a tenant. The response contains an array of group objects including the group id, display name, and an array of associated members. ### Next Steps Administrators can review this information and make changes within their IdP or if necessary, [Create a SCIM Group](/api/management/tenants/scim/create-scim-group), [Update an Existing SCIM Group (adding new members)](/api/management/tenants/scim/update-scim-group), or [Delete an Existing SCIM Group](/api/management/tenants/scim/delete-scim-group) ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`
Load All Permission GET
### Load all permissions, using a valid management key. This API endpoint returns details all permissions configured within the Descope instance. The response includes an array of permissions and these details of each permission: - name - description - systemDefault ### Next Steps Once you have this data, you can utilize the response to [Create Roles](/api/management/roles/create-role) or [Update Roles](/api/management/roles/update-role) ### See also - See [User Authorization](/manage/roles/) for further details on managing roles and permissions. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`