Stats
Actions
Tags
From modular-scim
Implements Scalekit's admin portal for customer self-serve SSO and SCIM configuration. Generates portal links server-side and embeds the portal as an iframe in the app's settings UI. Use when the user asks to add an admin portal, customer self-serve SCIM setup, iframe embed for directory sync config, shareable setup link, or let customers configure their own SSO or SCIM connection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/modular-scim:implementing-admin-portalThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Adds a self-serve portal where customers configure their own SSO and SCIM settings — embedded inside your app's settings UI.
Adds a self-serve portal where customers configure their own SSO and SCIM settings — embedded inside your app's settings UI.
If the user only needs a quick shareable link with no code (e.g., for a one-time onboarding call), skip to the Shareable link section at the bottom.
Admin Portal Implementation Progress:
- [ ] Step 1: Install SDK
- [ ] Step 2: Set environment credentials
- [ ] Step 3: Register app domain in dashboard
- [ ] Step 4: Generate portal link (server-side)
- [ ] Step 5: Render iframe (client-side)
- [ ] Step 6: Handle session expiry events
- [ ] Step 7: Verify portal loads and events fire correctly
Detect the project's language/framework from existing files and install:
| Stack | Install |
|---|---|
| Node.js | npm install @scalekit-sdk/node |
| Python | pip install scalekit-sdk |
| Go | go get github.com/scalekit/scalekit-go |
| Java | Add com.scalekit:scalekit-sdk to pom.xml |
Add to .env (never hardcode):
SCALEKIT_ENVIRONMENT_URL='https://<your-env>.scalekit.com'
SCALEKIT_CLIENT_ID='<CLIENT_ID>'
SCALEKIT_CLIENT_SECRET='<CLIENT_SECRET>'
Credentials are in Dashboard > Developers > Settings > API Credentials.
In Dashboard > Developers > API Configuration > Redirect URIs, add the domain where the portal will be embedded. The iframe will be blocked if this is missing.
Generate a new link on every page load — links are single-use. Plug into the existing route or controller that serves the settings/admin page:
Node.js:
const { location } = await scalekit.organization.generatePortalLink(organizationId);
// Pass `location` to the frontend as a template variable or API response
Python:
portal = scalekit_client.organization.generate_portal_link(organization_id)
location = portal.location
# Pass `location` to your template or JSON response
Never cache this value — each link is single-use and will fail if reused.
In the frontend settings/admin template, inject location as the src:
<iframe
src="{{ portalLink }}"
width="100%"
height="600px"
frameborder="0"
allow="clipboard-write"
></iframe>
Minimum recommended height: 600px. Match the variable name to the project's existing templating convention.
Listen for messages from the iframe to react to configuration changes and session expiry:
window.addEventListener('message', (event) => {
if (event.origin !== process.env.SCALEKIT_ENVIRONMENT_URL) return;
const { type } = event.data;
switch (type) {
case 'SCIM_CONFIGURED':
// Refresh org SCIM status, show success banner, etc.
break;
case 'SSO_CONFIGURED':
// Refresh org SSO status if SSO is also in scope
break;
case 'SESSION_EXPIRED':
// Re-fetch a new portal link and reload the iframe src
reloadPortalIframe();
break;
}
});
SESSION_EXPIRED handling is required — without it the portal silently breaks for long-lived sessions.
SCIM_CONFIGURED firesSESSION_EXPIRED triggers a link refreshConfigure at Dashboard > Settings > Branding: logo, accent color, favicon. Custom domain support (e.g., scim.yourapp.com) is available in the Scalekit dashboard.
CLIENT_SECRET to the browserSESSION_EXPIRED — re-generate and reload, don't let it fail silentlyFor one-time onboarding calls or zero-engineering setup: go to Dashboard > Organizations, select the org, click Generate link, and share the URL directly. The link gives anyone who has it full access to configure that org's SSO/SCIM settings — use the iframe approach for production. Also share Scalekit's SCIM setup guides so the IT admin has provider-specific directory sync steps alongside the portal link.
npx claudepluginhub scalekit-inc/claude-code-authstack --plugin modular-scimIntegrates WorkOS Widgets for User Management, User Profile, Admin Portal SSO Connection, and Domain Verification into Next.js, React Router, SvelteKit, Ruby, Python, Go, PHP, Java apps. Detects stack, auth flows, and implements with OpenAPI spec.
Implements Clerk enterprise SSO (SAML/OIDC), custom RBAC roles/permissions, and organization management in Next.js apps.
Enables multi-tenant B2B SaaS with Clerk Organizations: org switching, role-based access, verified domains, enterprise SSO. Use for team workspaces, RBAC, org-based routing, member management.