Provision Users
Automatically authenticate your SaaS users to your Activepieces instance
This feature is available in our paid editions. Contact us here, and we'll be delighted to assist you!
Overview
In Activepieces, there are Projects and Users. Each project is provisioned with their corresponding workspace, project, or team in your SaaS. The users are then mapped to the respective users in Activepieces.
To achieve this, the backend will generate a signed token that contains all the necessary information to automatically create a user and project. If the user or project already exists, it will skip the creation and log in the user directly.
Step 1: Obtain Signing Key
You can generate a signing key by going to Platform Settings -> Signing Keys -> Generate Signing Key.
This will generate a public and private key pair. The public key will be used by Activepieces to verify the signature of the JWT tokens you send. The private key will be used by you to sign the JWT tokens.
Please store your private key in a safe place, as it will not be stored in Activepieces.
Step 2: Generate a JWT
The signing key will be used to generate JWT tokens for the currently logged-in user on your website, which will then be sent to the Activepieces Iframe as a query parameter to authenticate the user.
To generate these tokens, you will need to add code in your backend to generate the token using the RS256 algorithm, so the JWT header would look like this:
To obtain the SIGNING_KEY_ID, refer to the signing key table and locate the value in the first column.
{
"alg": "RS256",
"typ": "JWT",
"kid": "SIGNING_KEY_ID"
}
The signed tokens must include these claims in the payload:
{
"externalUserId": "user_id",
"externalProjectId": "user_project_id",
"firstName": "John",
"lastName": "Doe",
"email": "[email protected]",
"role": "EDITOR",
"pieces": {
"filterType": "NONE"
},
"exp": 1856563200
}
| Claim | Description |
|---|---|
| externalUserId | Unique identification of the user in your software |
| externalProjectId | Unique identification of the user’s project in your software |
| firstName | First name of the user |
| lastName | Last name of the user |
| Email address of the user | |
| role | Role of the user in the Activepieces project (e.g., EDITOR, VIEWER) |
| exp | Expiry timestamp for the token (Unix timestamp) |
| pieces | Customize project pieces, check the section below |
You can use any JWT library to generate the token. Here is an example using the jsonwebtoken library in Node.js:
You can also use this tool to generate a quick example.
const jwt = require('jsonwebtoken');
// JWT NumericDates specified in seconds:
const currentTime = Math.floor(Date.now() / 1000);
let token = jwt.sign(
{
externalUserId: "user_id",
externalProjectId: "user_project_id",
firstName: "John",
lastName: "Doe",
role: "EDITOR",
email: "[email protected]",
pieces: {
filterType: "NONE"
},
exp: currentTime + (24 * 60 * 60), // 1 day from now
},
process.env.ACTIVEPIECES_SIGNING_KEY,
{
algorithm: "RS256",
header: {
kid: signingKeyID, // Include the "kid" in the header
},
}
);
Once you have generated the token, please check the embedding docs to know how to embed the token in the iframe.