poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Activepieces integration for workflow automation

Browse Source 
- Add Activepieces fork with SmoothSchedule custom piece
- Create integrations app with Activepieces service layer
- Add embed token endpoint for iframe integration
- Create Automations page with embedded workflow builder
- Add sidebar visibility fix for embed mode
- Add list inactive customers endpoint to Public API
- Include SmoothSchedule triggers: event created/updated/cancelled
- Include SmoothSchedule actions: create/update/cancel events, list resources/services/customers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
poduck
2025-12-18 22:59:37 -05:00
parent 9848268d34
commit 3aa7199503
16292 changed files with 1284892 additions and 4708 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
activepieces-fork/docs/admin-guide/guides/manage-oauth2.mdx Normal file
View File

@@ -0,0 +1,26 @@
---
title: "Override OAuth2 Apps"
description: "Use your own OAuth2 credentials instead of the default Activepieces apps"
icon: "lock"
---
<Snippet file="enterprise-feature.mdx" />
## Default Behavior
When users connect to services like Google Sheets or Slack, they see "Activepieces" as the app requesting access. This works out of the box with no setup required.
## Why Replace OAuth2 Apps?
- **Branding**: Show your company name instead of "Activepieces" in authorization screens
- **Higher Limits**: Some services have stricter rate limits for shared OAuth apps
- **Compliance**: Your organization may require using company-owned credentials
## How to Configure
1. Go to **Platform Admin → Setup → Pieces**
2. Find the piece you want to configure (e.g., Google Sheets)
3. Click the lock icon to open the OAuth2 settings
4. Enter your own Client ID and Client Secret
![Manage Oauth2 apps](/resources/screenshots/manage-oauth2.png)

88
activepieces-fork/docs/admin-guide/guides/manage-pieces.mdx Normal file
View File

@@ -0,0 +1,88 @@
---
title: "How to Manage Pieces"
description: "Control which integrations are available to your users"
icon: "puzzle-piece"
---
<Snippet file="enterprise-feature.mdx" />
## Overview
**Pieces** are the building blocks of Activepieces — they are integrations and connectors (like Google Sheets, Slack, OpenAI, etc.) that users can use in their automation flows.
As a platform administrator, you have full control over which pieces are available to your users. This allows you to:
- **Enforce security policies** by restricting access to certain integrations
- **Simplify the user experience** by showing only relevant pieces for your use case
- **Deploy custom/private pieces** that are specific to your organization
There are **two levels** of piece management:
| Level | Who Can Manage | Scope |
|-------|----------------|-------|
| **Platform Level** | Platform Admin | Install and remove across the entire platform |
| **Project Level** | Project Admin | Show/hide specific pieces for specfic project |
---
## Platform-Level Management
Platform administrators can manage pieces for the entire Activepieces instance from **Platform Admin → Setup → Pieces**.
## Project-Level Management
Project administrators can further restrict which pieces are available within their specific project. This is useful when different teams or projects need access to different integrations.
### Show/Hide Pieces in a Project
<Steps>
<Step title="Open Project Settings">
Navigate to your project and go to **Settings → Pieces**.
</Step>
<Step title="Configure Visibility">
You'll see a list of all pieces installed on the platform. Toggle the visibility for each piece:
- **Enabled**: Users in this project can use the piece
- **Disabled**: The piece is hidden from users in this project
</Step>
<Step title="Save Changes">
Changes take effect immediately — users will only see the enabled pieces when building their flows.
</Step>
</Steps>
![Manage Pieces](/resources/screenshots/manage-pieces.png)
![Manage Pieces](/resources/screenshots/manage-pieces-2.png)
<Note>
Project-level settings can only **hide** pieces that are installed at the platform level. You cannot add pieces at the project level that aren't already installed on the platform.
</Note>
### Install Private Pieces
<Tip>
For detailed instructions on building custom pieces, check the [Building Pieces](/build-pieces/building-pieces/overview) documentation.
</Tip>
If you've built a custom piece for your organization, you can upload it directly as a tarball (`.tgz`) file.
<Steps>
<Step title="Build Your Piece">
Build your piece using the Activepieces CLI:
```bash
npm run pieces -- build --name=your-piece-name
```
This generates a tarball in `dist/packages/pieces/your-piece-name`.
</Step>
<Step title="Navigate to Pieces Settings">
Go to **Platform Admin → Setup → Pieces** and click **Install Piece**.
</Step>
<Step title="Select File Upload">
Choose **Upload File** as the installation source.
</Step>
<Step title="Upload the Tarball">
Select the `.tgz` file from your build output and upload it.
</Step>
</Steps>
![Install Piece](/resources/screenshots/install-piece.png)

53
activepieces-fork/docs/admin-guide/guides/permissions.mdx Normal file
View File

@@ -0,0 +1,53 @@
---
title: "Manage User Roles"
description: "Documentation on project permissions in Activepieces"
icon: 'user'
---
<Snippet file="enterprise-feature.mdx" />
Activepieces utilizes Role-Based Access Control (RBAC) for managing permissions within projects. Each project consists of multiple flows and users, with each user assigned specific roles that define their actions within the project.
## Default Roles
Activepieces comes with four standard roles out of the box. The table below shows the permissions for each role:
| Permission | Admin | Editor | Operator | Viewer |
|------------|:-----:|:------:|:--------:|:------:|
| **Flows** |||||
| View Flows | ✓ | ✓ | ✓ | ✓ |
| Edit Flows | ✓ | ✓ | | |
| Publish / Toggle Flows | ✓ | ✓ | ✓ | |
| **Runs** |||||
| View Runs | ✓ | ✓ | ✓ | ✓ |
| Retry Runs | ✓ | ✓ | ✓ | |
| **Connections** |||||
| View Connections | ✓ | ✓ | ✓ | ✓ |
| Edit Connections | ✓ | ✓ | ✓ | |
| **Team** |||||
| View Project Members | ✓ | ✓ | ✓ | ✓ |
| Add/Remove Project Members | ✓ | | | |
| **Git Sync** | | | | |
| Configure Git Repo | ✓ | | | |
| Pull Flows from Git | ✓ | | | |
| Push Flows to Git | ✓ | | | |
## Custom Roles
If the default roles don't fit your needs, you can create custom roles with specific permissions.
<Steps>
<Step title="Navigate to Project Roles">
Go to **Platform Admin** → **Security** → **Project Roles**
</Step>
<Step title="Create a New Role">
Click **Create Role** and give it a name
</Step>
<Step title="Configure Permissions">
Select the specific permissions you want to grant to this role
</Step>
</Steps>
<Tip>
Custom roles are useful when you need fine-grained control, such as allowing users to view and retry runs without being able to edit flows.
</Tip>

31
activepieces-fork/docs/admin-guide/guides/setup-ai-providers.mdx Normal file
View File

@@ -0,0 +1,31 @@
---
title: "Setup AI Providers"
description: ""
icon: "sparkles"
---
AI providers are configured by the platform admin to centrally manage credentials and access, making [AI pieces](https://www.activepieces.com/pieces/ai) and their features available to everyone in all projects.
## Supported Providers
- **OpenAI**
- **Anthropic**
- **Gemini**
- **Vercel AI Gateway**
- **Cloudflare AI Gateway**
## How to Setup
Go to **Admin Console** → **AI** page. Add your provider's base URL and API key. These settings apply to all projects.
![Manage AI Providers](/resources/screenshots/configure-ai-provider.png)
## Cost Control & Logging
Use an AI gateway like **Vercel AI Gateway** or **Cloudflare AI Gateway** to:
- Set rate limits and budgets
- Log and monitor all AI requests
- Track usage across projects
Just set the gateway URL as your provider's base URL in the Admin Console.

223
activepieces-fork/docs/admin-guide/guides/sso.mdx Normal file
View File

@@ -0,0 +1,223 @@
---
title: "How to Setup SSO"
description: "Configure Single Sign-On (SSO) to enable secure, centralized authentication for your Activepieces platform"
icon: 'key'
---
<Snippet file="enterprise-feature.mdx" />
## Overview
Single Sign-On (SSO) allows your team to authenticate using your organization's existing identity provider, eliminating the need for separate Activepieces credentials. This improves security, simplifies user management, and provides a seamless login experience.
## Prerequisites
Before configuring SSO, ensure you have:
- **Admin access** to your Activepieces platform
- **Admin access** to your identity provider (Google, GitHub, Okta, or JumpCloud)
- The **redirect URL** from your Activepieces SSO configuration screen
## Accessing SSO Configuration
Navigate to **Platform Settings** → **SSO** in your Activepieces admin dashboard to access the SSO configuration screen.
![SSO Configuration](/resources/screenshots/sso.png)
## Enforcing SSO
You can enforce SSO by specifying your organization's email domain. When SSO enforcement is enabled:
- Users with matching email domains must authenticate through the SSO provider
- Email/password login can be disabled for enhanced security
- All authentication is routed through your designated identity provider
<Tip>
We recommend testing SSO with a small group of users before enforcing it organization-wide.
</Tip>
## Supported SSO Providers
Activepieces supports multiple SSO providers to integrate with your existing identity management system.
### Google
<Steps>
<Step title="Access Google Cloud Console">
Go to the [Google Cloud Console](https://console.cloud.google.com/) and select your project (or create a new one).
</Step>
<Step title="Create OAuth2 Credentials">
Navigate to **APIs & Services** → **Credentials** → **Create Credentials** → **OAuth client ID**.
Select **Web application** as the application type.
</Step>
<Step title="Configure Redirect URI">
Copy the **Redirect URL** from the Activepieces SSO configuration screen and add it to the **Authorized redirect URIs** in Google Cloud Console.
</Step>
<Step title="Copy Credentials to Activepieces">
Copy the **Client ID** and **Client Secret** from Google and paste them into the corresponding fields in Activepieces.
</Step>
<Step title="Save Configuration">
Click **Finish** to complete the setup.
</Step>
</Steps>
### GitHub
<Steps>
<Step title="Access GitHub Developer Settings">
Go to [GitHub Developer Settings](https://github.com/settings/developers) → **OAuth Apps** → **New OAuth App**.
</Step>
<Step title="Register New Application">
Fill in the application details:
- **Application name**: Choose a recognizable name (e.g., "Activepieces SSO")
- **Homepage URL**: Enter your Activepieces instance URL
</Step>
<Step title="Configure Authorization Callback">
Copy the **Redirect URL** from the Activepieces SSO configuration screen and paste it into the **Authorization callback URL** field.
</Step>
<Step title="Complete Registration">
Click **Register application** to create the OAuth App.
</Step>
<Step title="Generate Client Secret">
After registration, click **Generate a new client secret** and copy it immediately (it won't be shown again).
</Step>
<Step title="Copy Credentials to Activepieces">
Copy the **Client ID** and **Client Secret** and paste them into the corresponding fields in Activepieces.
</Step>
<Step title="Save Configuration">
Click **Finish** to complete the setup.
</Step>
</Steps>
### SAML with Okta
<Steps>
<Step title="Create New Application in Okta">
Go to the [Okta Admin Portal](https://login.okta.com/) → **Applications** → **Create App Integration**.
</Step>
<Step title="Select SAML 2.0">
Choose **SAML 2.0** as the sign-on method and click **Next**.
</Step>
<Step title="Configure General Settings">
Enter an **App name** (e.g., "Activepieces") and optionally upload a logo. Click **Next**.
</Step>
<Step title="Configure SAML Settings">
- **Single sign-on URL**: Copy the SSO URL from the Activepieces configuration screen
- **Audience URI (SP Entity ID)**: Enter `Activepieces`
- **Name ID format**: Select `EmailAddress`
</Step>
<Step title="Add Attribute Statements">
Add the following attribute mappings:
| Name | Value |
|------|-------|
| `firstName` | `user.firstName` |
| `lastName` | `user.lastName` |
| `email` | `user.email` |
</Step>
<Step title="Complete Setup in Okta">
Click **Next**, select the appropriate feedback option, and click **Finish**.
</Step>
<Step title="Export IdP Metadata">
Go to the **Sign On** tab → **View SAML setup instructions** or **View IdP metadata**. Copy the Identity Provider metadata XML.
</Step>
<Step title="Configure Activepieces">
- Paste the **IdP Metadata** XML into the corresponding field
- Copy the **X.509 Certificate** from Okta and paste it into the **Signing Key** field
</Step>
<Step title="Save Configuration">
Click **Save** to complete the setup.
</Step>
</Steps>
### SAML with JumpCloud
<Steps>
<Step title="Create New Application in JumpCloud">
Go to the [JumpCloud Admin Portal](https://console.jumpcloud.com/) → **SSO Applications** → **Add New Application** → **Custom SAML App**.
</Step>
<Step title="Configure ACS URL">
Copy the **ACS URL** from the Activepieces configuration screen and paste it into the **ACS URLs** field in JumpCloud.
![JumpCloud ACS URL](/resources/screenshots/jumpcloud/acl-url.png)
</Step>
<Step title="Configure SP Entity ID">
Set the **SP Entity ID** (Audience URI) to `Activepieces`.
</Step>
<Step title="Add User Attributes">
Configure the following attribute mappings:
| Service Provider Attribute | JumpCloud Attribute |
|---------------------------|---------------------|
| `firstName` | `firstname` |
| `lastName` | `lastname` |
| `email` | `email` |
![JumpCloud User Attributes](/resources/screenshots/jumpcloud/user-attribute.png)
</Step>
<Step title="Enable HTTP-Redirect Binding">
JumpCloud does not include the `HTTP-Redirect` binding by default. You **must** enable this option.
![JumpCloud Redirect Binding](/resources/screenshots/jumpcloud/declare-login.png)
<Warning>
Without HTTP-Redirect binding, the SSO integration will not work correctly.
</Warning>
</Step>
<Step title="Export Metadata">
Click **Save**, then refresh the page and click **Export Metadata**.
![JumpCloud Export Metadata](/resources/screenshots/jumpcloud/export-metadata.png)
<Tip>
Verify that the exported XML contains `Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"` to ensure the binding was properly enabled.
</Tip>
</Step>
<Step title="Configure IdP Metadata in Activepieces">
Paste the exported metadata XML into the **IdP Metadata** field in Activepieces.
</Step>
<Step title="Configure Signing Certificate">
Locate the `<ds:X509Certificate>` element in the IdP metadata and extract its value. Format it as a PEM certificate:
```
-----BEGIN CERTIFICATE-----
[PASTE THE CERTIFICATE VALUE HERE]
-----END CERTIFICATE-----
```
Paste this into the **Signing Key** field.
</Step>
<Step title="Assign Users to Application">
In JumpCloud, assign the application to the appropriate users or user groups.
![JumpCloud Assign App](/resources/screenshots/jumpcloud/user-groups.png)
</Step>
<Step title="Save Configuration">
Click **Finish** to complete the setup.
</Step>
</Steps>
## Troubleshooting
<AccordionGroup>
<Accordion title="Users cannot log in after SSO configuration">
- Verify the redirect URL is correctly configured in your identity provider
- Ensure users are assigned to the application in your identity provider
- Check that email domains match the SSO enforcement settings
</Accordion>
<Accordion title="SAML authentication fails">
- Confirm the IdP metadata is complete and correctly formatted
- Verify the signing certificate is properly formatted with BEGIN/END markers
- Ensure all required attributes (firstName, lastName, email) are mapped
</Accordion>
<Accordion title="HTTP-Redirect binding error (JumpCloud)">
- Enable the HTTP-Redirect binding option in JumpCloud
- Re-export the metadata after enabling the binding
- Verify the binding appears in the exported XML
</Accordion>
</AccordionGroup>
## Need Help?
If you encounter issues during SSO setup, please contact our enterprise support or [sales team](https://www.activepieces.com/sales).

15
activepieces-fork/docs/admin-guide/guides/structure-projects.mdx Normal file
View File

@@ -0,0 +1,15 @@
---
title: "How to Structure Projects"
description: ""
icon: "building"
---
<Snippet file="enterprise-feature.mdx" />
Projects in Activepieces are the main units for organizing your automations and resources within your organization. Every project contains its own flows, connections, and tables. Access to these resources is shared among everyone who has access to that project.
There are two types of projects:
- **Personal Projects**: Each user invited to your organization automatically receives a personal project. This is a private space where only that user can create and manage flows, connections, and tables.
- **Team Projects**: Team projects are shared spaces that can be created and managed from this page. Multiple users can be invited to a team project, allowing them to collaborate, share access to flows, connections, and tables, and work together.
When organizing your work, create team projects for group collaboration and utilize personal projects for individual or private tasks.

23
activepieces-fork/docs/admin-guide/overview.mdx Normal file
View File

@@ -0,0 +1,23 @@
---
title: "Overview"
icon: "hand-wave"
description: "Manage and customize your Activepieces instance"
---
The **Platform Admin** is the centralized admin panel for managing your Activepieces instance. It's designed for teams and organizations that want full control over users, integrations, security, and internal automation.
## What Can You Do?
With Platform Admin, you can:
- **Custom Branding:** Tailor the appearance of Activepieces to match your organization's identity, including colors, logos, and fonts.
- **Project Management:** Create, edit, and organize projects for internal teams and users.
- **Piece Management:** Control which integration pieces are available, including managing custom or internal pieces for your team's workflows.
- **User Management:** Add and remove users, send invitations, and assign roles and permissions.
- **AI Provider Management:** Configure and manage AI providers (like OpenAI, Anthropic, etc.) available for use in your flows.
- **SSO & Security:** Configure Single Sign-On (SSO) providers and manage security settings to ensure your instance is secure.

5
activepieces-fork/docs/admin-guide/security/audit-logs/connection-deleted.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Connection Deleted'
openapi-schema: connection.deleted
icon: link
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/connection-upserted.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Connection Upserted'
openapi-schema: connection.upserted
icon: link
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/flow-created.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Flow Created'
openapi-schema: flow.created
icon: bolt
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/flow-deleted.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Flow Deleted'
openapi-schema: flow.deleted
icon: bolt
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/flow-run-finished.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Flow Run Finished'
openapi-schema: flow.run.finished
icon: play
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/flow-run-started.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Flow Run Started'
openapi-schema: flow.run.started
icon: play
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/flow-updated.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Flow Updated'
openapi-schema: flow.updated
icon: bolt
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/folder-created.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Folder Created'
openapi-schema: folder.created
icon: folder
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/folder-deleted.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Folder Deleted'
openapi-schema: folder.deleted
icon: folder
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/folder-updated.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Folder Updated'
openapi-schema: folder.updated
icon: folder
---

10
activepieces-fork/docs/admin-guide/security/audit-logs/overview.mdx Normal file
View File

@@ -0,0 +1,10 @@
---
title: "Overview"
description: ""
---
<Snippet file="enterprise-feature.mdx" />
This table in admin console contains all application events. We are constantly adding new events, so there is no better place to see the events defined in the code than [here](https://github.com/activepieces/activepieces/blob/main/packages/ee/shared/src/lib/audit-events/index.ts).
![Audit Logs](/resources/screenshots/audit-logs.png)

5
activepieces-fork/docs/admin-guide/security/audit-logs/signing-key-created.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'Signing Key Created'
openapi-schema: signing.key.created
icon: key
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/user-email-verified.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'User Email Verified'
openapi-schema: user.email.verified
icon: lock
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/user-password-reset.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'User Password Reset'
openapi-schema: user.password.reset
icon: lock
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/user-signed-in.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'User Signed In'
openapi-schema: user.signed.in
icon: lock
---

5
activepieces-fork/docs/admin-guide/security/audit-logs/user-signed-up.mdx Normal file
View File

@@ -0,0 +1,5 @@
---
title: 'User Signed Up'
openapi-schema: user.signed.up
icon: lock
---

56
activepieces-fork/docs/admin-guide/security/practices.mdx Normal file
View File

@@ -0,0 +1,56 @@
---
title: "Security & Data Practices"
description: "We prioritize security and follow these practices to keep information safe."
icon: 'lock'
---
## External Systems Credentials
**Storing Credentials**
All credentials are stored with 256-bit encryption keys, and there is no API to retrieve them for the user. They are sent only during processing, after which access is revoked from the engine.
**Data Masking**
We implement a robust data masking mechanism where third-party credentials or any sensitive information are systematically censored within the logs, guaranteeing that sensitive information is never stored or documented.
**OAuth2**
Integrations with third parties are always done using OAuth2, with a limited number of scopes when third-party support allows.
## Vulnerability Disclosure
Activepieces is an open-source project that welcomes contributors to test and report security issues.
For detailed information about our security policy, please refer to our GitHub Security Policy at: [https://github.com/activepieces/activepieces/security/policy](https://github.com/activepieces/activepieces/security/policy)
## Access and Authentication
**Role-Based Access Control (RBAC)**
To manage user access, we utilize Role-Based Access Control (RBAC). Team admins assign roles to users, granting them specific permissions to access and interact with projects, folders, and resources. RBAC allows for fine-grained control, enabling administrators to define and enforce access policies based on user roles.
**Single Sign-On (SSO)**
Implementing Single Sign-On (SSO) serves as a pivotal component of our security strategy. SSO streamlines user authentication by allowing them to access Activepieces with a single set of credentials. This not only enhances user convenience but also strengthens security by reducing the potential attack surface associated with managing multiple login credentials.
**Audit Logs**
We maintain comprehensive audit logs to track and monitor all access activities within Activepieces. This includes user interactions, system changes, and other relevant events. Our meticulous logging helps identify security threats and ensures transparency and accountability in our security measures.
**Password Policy Enforcement**
Users log in to Activepieces using a password known only to them. Activepieces enforces password length and complexity standards. Passwords are not stored; instead, only a secure hash of the password is stored in the database. For more information.
## Privacy & Data
**Supported Cloud Regions**
Presently, our cloud services are available in Germany as the supported data region.
We have plans to expand to additional regions in the near future.
If you opt for **self-hosting**, the available regions will depend on where you choose to host.
**Policy**
To better understand how we handle your data and prioritize your privacy, please take a moment to review our [Privacy Policy](https://www.activepieces.com/privacy). This document outlines in detail the measures we take to safeguard your information and the principles guiding our approach to privacy and data protection.