Descope Management
The Descope service enables granular configuration and management of your Descope instance. Within the Descope UI, you will see the Manage section on the left-hand side. This area of the UI allows you to manage your users, access keys, tenants, and authorization, and also contains your project's audit trail.
You can learn more about the various customization and management options in the following articles.
Management Keys
Descope allows you to manage your instance through the Descope SDK using a management key. You can create, edit, and delete management keys on the Management Keys page in the Descope UI. When creating a management key, you will provide a name and expiration. Management keys can also be associated with specific projects within your company. The associated projects are configured when the management key is created and cannot be changed later. The options for expiring management keys are 30 days, 60 days, 90 days, or never. You will receive the key in clear text when creating a management key; ensure you store it safely, as you will not be able to view it again. Once you have created a management key, you can use the management key and project ID with the management SDK or the management API.
Management Key Lifecycle
Management keys will continue to function as long as they are active and not expired. Once a management key is expired or deactivated, it will no longer be usable. Within the UI, you can deactivate (revoke) management keys; however, a deactivated management key remains in the Descope project and may be reactivated if you choose. You can also delete management keys. Once a management key is deleted, it will no longer be usable. Deleting access keys will remove the access key's details from the Descope project.
Adding Permitted IPs to Management Keys
Management keys in Descope support an attribute for CIDR restrictions. Descopers can add IPs in the permitted IPs field to restrict access to their Management service to specific devices with specific originating IP addresses. The permitted IPs entered are associated with that specific management key, so restrictions can be controlled on a per-management-key basis.
Management Key Roles
This section defines what roles the management key has. You can choose whether these roles are defined at the company level, for specific projects, or for Descopers for SCIM-only usage.
The roles available for Company level access are listed as follows:
Roles | Description |
---|---|
Full Access | Full read and write access to all projects in region |
User Testing | Read and write access to testing APIs only |
Asset Management - Read Only | Read access to Users, Access Keys and Tenants in all projects in region |
Asset Management - Read & Write | Full read and write access to Users, Access Keys and Tenants in all projects in region |
Audit Handling | Read and write access to audit related APIs |
Infra Management - Read Only | |
Infra Management - Read & Write | Full read and write access to general project resources such as AuthZ, Project settings, in all projects in region |
The roles available for Project level access are listed as follows:
Roles | Description |
---|---|
Full Access | Full read and write access to the project |
User Testing | Read and write access to testing APIs only |
Asset Management - Read Only | Read access to Users, Access Keys and Tenants in project |
Asset Management - Read & Write | |
Audit Handling | Read and write access to audit related APIs |
Infra Management - Read Only | Read access to general project resources such as AuthZ, Project settings, in project |
Infra Management - Read & Write | Full read and write access to general project resources such as AuthZ, Project settings, in project |
Descoper Level access (SCIM): This level of access applies when the management key is used to perform SCIM-related operations to control Descopers in your company.
Note
This scope is different from the company/project level access described above: it refers to Descopers' access level with respect to SCIM only, not to users in your company/project.
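The settings described on this page (expiration, permitted IPs, roles, activation state) can be reviewed together across a key inventory. The following is an added example, not Descope code and not a call to the Descope API; the record field names, the sample keys, the status values and the prefix-length threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed inventory; field names are assumptions for this example,
# not a Descope export format or API response.
SAMPLE_KEYS = [
    {"name": "ci-deploy", "status": "active", "expires_in_days": 90,
     "permitted_ips": ["203.0.113.0/28"], "scope": "project",
     "roles": ["Infra Management - Read & Write"]},
    {"name": "legacy-admin", "status": "active", "expires_in_days": None,
     "permitted_ips": [], "scope": "company", "roles": ["Full Access"]},
    {"name": "audit-export", "status": "active", "expires_in_days": 30,
     "permitted_ips": ["0.0.0.0/0"], "scope": "project",
     "roles": ["Audit Handling"]},
    {"name": "old-scim", "status": "inactive", "expires_in_days": 60,
     "permitted_ips": ["198.51.100.7"], "scope": "descoper", "roles": []},
]

MIN_PREFIX = {4: 16, 6: 32}  # assumed policy: broader networks are flagged

def audit_key(key):
    """Return a list of findings for one management key record."""
    findings = []
    if key["status"] != "active":
        # Deactivated keys stay in the project and can be reactivated.
        findings.append("deactivated but not deleted")
    if key["expires_in_days"] is None:
        findings.append("never expires")
    if not key["permitted_ips"]:
        findings.append("no permitted IPs")
    for entry in key["permitted_ips"]:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"invalid permitted IP entry: {entry}")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"broad CIDR: {net}")
    if "Full Access" in key["roles"]:
        findings.append(f"Full Access at {key['scope']} level")
    return findings

def audit(keys):
    """Map key name -> findings, omitting keys with none."""
    report = {k["name"]: audit_key(k) for k in keys}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_KEYS).items():
        print(f"{name}: {'; '.join(findings)}")
```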