Admin Widgets

Descope Admin Widgets provide powerful components that enable administrators to manage their organization's users, roles, access keys, and audit logs. These widgets allow administrators to handle various management tasks directly within your application.

In order for a user to use the admin widgets they must be assigned to a role that has the "User Admin" permission for the specific tenant (you can use the built-in "Tenant Admin" role)

Overview

Admin Widgets are designed to handle different aspects of administrative management:

User Management Widget: Enables administrators to manage user accounts, including creating, editing, and managing user access.
Role Management Widget: Allows administrators to create and manage roles and their associated permissions.
Access Key Management Widget: Provides tools for managing machine-to-machine access keys.
Audit Widget: Offers visibility into user actions and system events through comprehensive audit logs.
Tenant Profile Widget: Allows administrators to manage the profile attributes of their tenant.

The User Management Widget provides administrators with comprehensive tools to manage user accounts within their organization. This widget enables administrators to:

Create new user accounts
Edit existing user information
Activate or disable user accounts
Reset user passwords
Remove user passkeys
Delete user accounts

You can also add functionality to perform custom logic on users by adding a custom button to the widget, and modifying the flow for the button.

Note

Custom fields will also appear in the user management table.

import { UserManagement } from '@descope/react-sdk';
...
  <UserManagement
    widgetId="user-management-widget"
    tenant="tenant-id"
    onReady={() => {
      console.log('Widget is ready');
    }}
  />

Note

Delegating permission and role creation to tenant admins requires having delegation roles created and associated to the tenant admin. An example can be shown here.

The Role Management Widget enables administrators to create and manage roles within their organization. This widget allows administrators to:

Create new roles
Modify existing role permissions
Delete roles

You cannot modify any underlying behavior of the role management widget components, as there are no default flows to modify.

Notes

The Editable field is determined by the user's access to the role - meaning that project-level roles are not editable by tenant level users.
You need to pre-define the permissions that the user can use, which are not editable in the widget.

import { RoleManagement } from '@descope/react-sdk';
...
  <RoleManagement
    widgetId="role-management-widget"
    tenant="tenant-id"
    onReady={() => {
      console.log('Widget is ready');
    }}
  />

The Access Key Management Widget provides tools to manage Access Keys for machine-to-machine authentication. This widget enables users to:

Create new access keys
Activate or deactivate existing access keys
Delete access keys

Supported Use Cases

The Access Key Management Widget automatically adapts its behavior based on the user's permissions and tenant association.

Users with a valid JWT, who are not associated with a tenant, can generate and manage access keys for themselves, with keys automatically bound to their user identity.

For users associated with a tenant (including Tenant Admins), the widget allows them to generate and manage their own access keys within the tenant context. However, users with the Tenant Admin role have additional capabilities—they can generate and manage access keys on behalf of other users in their tenant, with these keys bound to the target user rather than the admin who created them.

The widget automatically determines which functionality to display based on whether the user has the User Admin or Tenant Admin permission, their tenant association, and their role and permission level.

You cannot modify any underlying behavior of the access key management widget components, as there are no default flows to modify.

import { AccessKeyManagement } from '@descope/react-sdk';
...
  <AccessKeyManagement
    widgetId="access-key-management-widget"
    tenant="tenant-id"
    onReady={() => {
      console.log('Widget is ready');
    }}
  />

The Audit Widget provides administrators with visibility into user actions and system events. This widget includes all tenant authentication events and custom audit events, allowing administrators to:

Monitor user activities
Track system events
Review authentication attempts
View custom audit events

You cannot modify any underlying behavior of the audit widget components, as there are no default flows to modify.

When creating the widget, you can configure the Visible event types, where you can define a list of events you would like to include in the widget. By default, all audit events will be visible.

Filtering Columns

You can filter the columns that are displayed in the audit widget by selecting or removing Columns under the Design tab on the right, under Content.

import { AuditManagement } from '@descope/react-sdk';
...
  <AuditManagement
    widgetId="access-key-management-widget"
    tenant="tenant-id"
    onReady={() => {
      console.log('Widget is ready');
    }}
  />

The Tenant Profile Widget enables tenant administrators to manage their tenant's properties and configuration. This widget allows administrators to:

Update the tenant name
Modify custom attributes for the tenant
Manage email domains associated with the tenant
Configure SSO enforcement settings, including modifying an SSO exclusion list
Access SSO configuration, including generating and revoking a link for the tenant's SSO Setup Suite

You can modify the behavior of the tenant profile widget functions by modifying the default flows for each component in the widget. You cannot, however, add custom buttons to the widget.

import { TenantProfile } from '@descope/react-sdk';
...
  <TenantProfile
    widgetId="tenant-profile-widget"
    tenant="tenant-id"
    onReady={() => {
      console.log('Widget is ready');
    }}
  />

Was this helpful?

On this page