UI events from the embedded admin portal
Learn how to listen for and handle UI events from the embedded admin portal, such as SSO connection status and session expiration.
The embedded admin portal emits browser events that allow your application to respond to configuration changes made by organization admins. Use these events to provide real-time feedback, update your UI, sync configuration state, or trigger workflows in your application.
Common use cases include displaying success notifications when SSO is configured, refreshing authentication settings after directory sync is enabled, or prompting users to re-authenticate when their admin portal session expires.
Listening to admin portal events
Section titled “Listening to admin portal events”Add an event listener to your parent window to receive events from the embedded admin portal iframe:
window.addEventListener('message', (event) => { // Security: Always validate the event origin matches your Scalekit environment if (event.origin !== 'https://your-env.scalekit.com') { return; // Ignore events from untrusted sources }
// Check if this is a valid admin portal event if (event.data && event.data.event_type) { const { event_type, organization_id, data } = event.data;
// Handle specific event types switch (event_type) { case 'ORGANIZATION_SSO_ENABLED': // Show success notification, refresh SSO settings, etc. showNotification('SSO enabled successfully'); break;
case 'PORTAL_SESSION_EXPIRY': // Prompt user to refresh the admin portal promptSessionRefresh(); break;
default: console.log('Received event:', event.data); } }});SSO events
Section titled “SSO events”ORGANIZATION_SSO_ENABLED
Section titled “ORGANIZATION_SSO_ENABLED”Fires when an organization admin successfully enables a Single Sign-On connection in the admin portal.
{ "event_type": "ORGANIZATION_SSO_ENABLED", "object": "connection", "organization_id": "org_4010340X34236531", // Organization that enabled SSO "message": "Single sign-on connection enabled successfully", "data": { "connection_type": "SSO", "id": "conn_4256075523X312", // Connection ID for API calls "type": "OIDC", // Protocol: OIDC or SAML "provider": "OKTA", // Identity provider configured "enabled": true }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.connection_type | string | Type of connection (SSO) |
data.id | string | Unique identifier for the connection |
data.type | string | Protocol type (e.g., OIDC, SAML) |
data.provider | string | Identity provider name |
data.enabled | boolean | Indicates if the connection is enabled |
ORGANIZATION_SSO_DISABLED
Section titled “ORGANIZATION_SSO_DISABLED”Fires when an organization admin disables their Single Sign-On connection in the admin portal.
{ "event_type": "ORGANIZATION_SSO_DISABLED", "object": "connection", "organization_id": "org_4010340X34236531", // Organization that disabled SSO "message": "Single sign-on connection disabled successfully", "data": { "connection_type": "SSO", "id": "conn_4256075523X312", // Connection ID that was disabled "type": "OIDC", // Protocol: OIDC or SAML "provider": "OKTA", // Identity provider that was configured "enabled": false }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.connection_type | string | Type of connection (SSO) |
data.id | string | Unique identifier for the connection |
data.type | string | Protocol type (e.g., OIDC, SAML) |
data.provider | string | Identity provider name |
data.enabled | boolean | Indicates if the connection is enabled |
Session events
Section titled “Session events”PORTAL_SESSION_WARNING
Section titled “PORTAL_SESSION_WARNING”Fires when the admin portal session is about to expire (typically 5 minutes before expiration). Use this to prompt users to save their work or refresh their session.
{ "event_type": "PORTAL_SESSION_WARNING", "object": "session", "message": "The admin portal session will expire in 5 minutes", "organization_id": "org_43982563588440584", "data": { "expiry": "2025-02-28T12:40:35.911Z" // ISO 8601 timestamp when session expires }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.expiry | string | ISO 8601 timestamp indicating when the session will expire |
PORTAL_SESSION_EXPIRY
Section titled “PORTAL_SESSION_EXPIRY”Fires when the admin portal session has expired. Use this to hide the admin portal iframe and prompt users to re-authenticate.
{ "event_type": "PORTAL_SESSION_EXPIRY", "object": "session", "message": "The admin portal session has expired", "organization_id": "org_43982563588440584", "data": { "expiry": "2025-02-28T12:40:35.911Z" // ISO 8601 timestamp when session expired }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.expiry | string | ISO 8601 timestamp indicating when the session expired |
Directory events
Section titled “Directory events”ORGANIZATION_DIRECTORY_ENABLED
Section titled “ORGANIZATION_DIRECTORY_ENABLED”Fires when an organization admin successfully configures and enables SCIM directory provisioning in the admin portal.
{ "event_type": "ORGANIZATION_DIRECTORY_ENABLED", "object": "directory", "organization_id": "org_45716217859670289", // Organization that enabled directory sync "message": "SCIM Provisioning enabled successfully", "data": { "directory_type": "SCIM", // Directory protocol type "id": "dir_45716228982964495", // Directory connection ID for API calls "provider": "MICROSOFT_AD", // Identity provider: OKTA, AZURE_AD, GOOGLE, etc. "enabled": true }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.directory_type | string | Type of directory synchronization (SCIM) |
data.id | string | Unique identifier for the directory connection |
data.provider | string | Identity provider name |
data.enabled | boolean | Indicates if the directory sync is enabled |
ORGANIZATION_DIRECTORY_DISABLED
Section titled “ORGANIZATION_DIRECTORY_DISABLED”Fires when an organization admin disables SCIM directory provisioning in the admin portal.
{ "event_type": "ORGANIZATION_DIRECTORY_DISABLED", "object": "directory", "organization_id": "org_45716217859670289", // Organization that disabled directory sync "message": "SCIM Provisioning disabled successfully", "data": { "directory_type": "SCIM", // Directory protocol type "id": "dir_45716228982964495", // Directory connection ID that was disabled "provider": "MICROSOFT_AD", // Identity provider that was configured "enabled": false }}| Field | Type | Description |
|---|---|---|
event_type | string | The type of event being triggered |
object | string | The object type associated with the event |
organization_id | string | Unique identifier for the organization |
message | string | Human-readable message describing the event |
data.directory_type | string | Type of directory synchronization (SCIM) |
data.id | string | Unique identifier for the directory connection |
data.provider | string | Identity provider name |
data.enabled | boolean | Indicates if the directory sync is enabled |
Complete event handler Example
Section titled “Complete event handler ”Here’s a complete example showing how to handle all admin portal events in a production application:
// Initialize event handling for the admin portalfunction initAdminPortalEventHandling(scalekitEnvironmentUrl) { window.addEventListener('message', (event) => { // Security: Validate event origin if (event.origin !== scalekitEnvironmentUrl) { return; }
if (!event.data || !event.data.event_type) { return; }
const { event_type, organization_id, data, message } = event.data;
// Log all events for debugging console.log('[Admin Portal Event]', { event_type, organization_id, data });
switch (event_type) { case 'ORGANIZATION_SSO_ENABLED': handleSSOEnabled(organization_id, data); break;
case 'ORGANIZATION_SSO_DISABLED': handleSSODisabled(organization_id, data); break;
case 'ORGANIZATION_DIRECTORY_ENABLED': handleDirectoryEnabled(organization_id, data); break;
case 'ORGANIZATION_DIRECTORY_DISABLED': handleDirectoryDisabled(organization_id, data); break;
case 'PORTAL_SESSION_WARNING': handleSessionWarning(data.expiry); break;
case 'PORTAL_SESSION_EXPIRY': handleSessionExpiry(); break;
default: console.warn('Unknown event type:', event_type); } });}
function handleSSOEnabled(orgId, data) { // Show success notification showToast('success', `SSO enabled successfully with ${data.provider}`);
// Sync configuration to your backend fetch('/api/organizations/${orgId}/sync-sso', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ connectionId: data.id, provider: data.provider }) });
// Update UI to reflect SSO is active updateOrganizationUI(orgId, { ssoEnabled: true });}
function handleSessionWarning(expiryTime) { const expiryDate = new Date(expiryTime); const minutesLeft = Math.round((expiryDate - new Date()) / 60000);
showNotification({ type: 'warning', message: `Your admin session will expire in ${minutesLeft} minutes`, action: { label: 'Refresh Session', onClick: () => window.location.reload() } });}
function handleSessionExpiry() { // Hide the admin portal iframe document.getElementById('admin-portal-iframe').style.display = 'none';
// Show message to user showModal({ title: 'Session Expired', message: 'Your admin portal session has expired. Please refresh to continue.', action: { label: 'Refresh Page', onClick: () => window.location.reload() } });}
// Initialize when your app loadsinitAdminPortalEventHandling('https://your-env.scalekit.com');