Flows

Management Flows

Management Flows are autonomous, backend operations that run without user interaction. Unlike Interactive Flows that handle user-facing authentication journeys, Management Flows provide automated responses to authentication events and user management tasks.

These flows are triggered by API calls from your backend systems rather than user interactions. You can call them in response to your own system events, audit logs, or scheduled tasks.

Creating Management Flows

You can create a new Management Flow from the Flows page of the Descope Console. Select Create from Scratch, set the flow Name and ID, and mark the Flow type as Management.

Create Management Flow

Designing Management Flows

Management Flows use a specialized set of backend-focused components designed for autonomous operations:

Available Components

  • Actions: Handle backend operations like user and tenant updates, updating consent, and generating audit events
  • Connectors: Provide integration with external systems and databases
  • Conditions: Enable logic branching based on data, events, or flow context

Interactive components like screens are not available in Management Flows, maintaining their focus on autonomous backend operations.

Flow Outputs with End Action

Every Management Flow should conclude with an End action that defines what data gets returned in the JSON response. In the End action, you can configure flow outputs by specifying the Key, Type, and Value.

These outputs will be included in the API response when the Management Flow completes, allowing you to retrieve processed data or confirmation of completed operations.

Management Flow End

Running Management Flows

Management Flows are executed via API calls using a Management Key for secure access to management operations. You can run a Management Flow by making a POST request to the Descope Management API.

For Management Flows that require input parameters, you can pass them using the options field. Any input will be available in the flow context through the client.<input-key> field.

Any outputs defined in the End Action will be returned as a JSON.

curl -X POST "https://api.descope.com/v1/mgmt/flow/run" \
  -H "Authorization: Bearer <Your Project ID>:<Your Management Key>" \
  -H "Content-Type: application/json" \
  -d '{ 
    "flowId": "your-mgmt-flow-id", 
    "options": {
      "input": { 
        "email": "name@example.com"
      }
    } 
  }'

Use Cases

Audit Event Automation

Use your own audit events to trigger Management Flows via API calls for real-time responses. For example, when your system detects a SCIM event, your backend can call a Management Flow that uses a Messaging Connector to send an alert to admins.

User Engagement Automation

Automate user lifecycle management through intelligent workflows, like sending follow-up emails to users who haven't accepted invites, or deleting users after a period of inactivity.

Dynamic Client Registration (DCR) Assessment Flow

You can define a Management Flow that will be triggered upon every inbound app registration with DCR. You can use a management flow and conditional logic to verify the OAuth client's attributes and request and set its verified status appropriately.

Was this helpful?

Flow Inputs

Learn how to configure and utilize Descope flow inputs within your application.

Authenticated Flows

In this article, you will learn how to start authenticated flows in Descope mobile sdks.

On this page