From miro-pack
Configure Miro Enterprise features: organization management, SCIM provisioning, board-level access control, audit logs, and SSO integration via REST API v2. Trigger with phrases like "miro SSO", "miro RBAC", "miro enterprise", "miro SCIM", "miro permissions", "miro organization".
npx claudepluginhub flight505/skill-forge --plugin miro-packThis skill is limited to using the following tools:
Enterprise-grade access control for Miro REST API v2: organization and team management, SCIM user provisioning, board sharing with role-based permissions, and audit log access. Requires Miro Enterprise plan.
Guides Next.js Cache Components and Partial Prerendering (PPR): 'use cache' directives, cacheLife(), cacheTag(), revalidateTag() for caching, invalidation, static/dynamic optimization. Auto-activates on cacheComponents: true.
Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).
Share bugs, ideas, or general feedback.
Enterprise-grade access control for Miro REST API v2: organization and team management, SCIM user provisioning, board sharing with role-based permissions, and audit log access. Requires Miro Enterprise plan.
Organization (Enterprise)
├── Team 1
│ ├── Board A (sharing: team only)
│ │ ├── Owner (full control)
│ │ ├── Co-owner (full control, can't delete board)
│ │ ├── Editor (can add/edit items)
│ │ ├── Commenter (can add comments only)
│ │ └── Viewer (read-only)
│ └── Board B
├── Team 2
│ └── Board C
└── Projects
└── Project 1 (groups boards)
| Role | View | Comment | Edit Items | Share | Delete Board |
|---|---|---|---|---|---|
| Viewer | Yes | No | No | No | No |
| Commenter | Yes | Yes | No | No | No |
| Editor | Yes | Yes | Yes | No | No |
| Co-owner | Yes | Yes | Yes | Yes | No |
| Owner | Yes | Yes | Yes | Yes | Yes |
// List board members
// GET https://api.miro.com/v2/boards/{board_id}/members
const members = await miroFetch(`/v2/boards/${boardId}/members?limit=50`);
for (const member of members.data) {
console.log(`${member.name} (${member.id}): role=${member.role}`);
}
// Share board with users
// POST https://api.miro.com/v2/boards/{board_id}/members
await miroFetch(`/v2/boards/${boardId}/members`, 'POST', {
emails: ['dev@company.com', 'pm@company.com'],
role: 'editor', // 'viewer' | 'commenter' | 'editor' | 'coowner'
message: 'You have been added to the sprint board',
});
// Update member role
// PATCH https://api.miro.com/v2/boards/{board_id}/members/{member_id}
await miroFetch(`/v2/boards/${boardId}/members/${memberId}`, 'PATCH', {
role: 'commenter',
});
// Remove member from board
// DELETE https://api.miro.com/v2/boards/{board_id}/members/{member_id}
await miroFetch(`/v2/boards/${boardId}/members/${memberId}`, 'DELETE');
// List teams in organization
// GET https://api.miro.com/v2/orgs/{org_id}/teams (Enterprise)
const teams = await miroFetch(`/v2/orgs/${orgId}/teams?limit=50`);
// Get team details
// GET https://api.miro.com/v2/teams/{team_id}
const team = await miroFetch(`/v2/teams/${teamId}`);
// List team members
// GET https://api.miro.com/v2/teams/{team_id}/members
const teamMembers = await miroFetch(`/v2/teams/${teamId}/members?limit=100`);
// Invite user to team
// POST https://api.miro.com/v2/teams/{team_id}/members
await miroFetch(`/v2/teams/${teamId}/members`, 'POST', {
emails: ['newdev@company.com'],
role: 'member', // 'member' | 'admin' | 'non_team'
});
// Get organization info
// GET https://api.miro.com/v2/orgs/{org_id}
const org = await miroFetch(`/v2/orgs/${orgId}`);
// List organization members
// GET https://api.miro.com/v2/orgs/{org_id}/members
const orgMembers = await miroFetch(`/v2/orgs/${orgId}/members?limit=100`);
Miro supports SCIM 2.0 for automated user lifecycle management from identity providers (Okta, Azure AD, OneLogin).
// SCIM Base URL: https://miro.com/api/v1/scim/v2
// Create user via SCIM
// POST https://miro.com/api/v1/scim/v2/Users
const scimUser = await fetch('https://miro.com/api/v1/scim/v2/Users', {
method: 'POST',
headers: {
'Authorization': `Bearer ${scimToken}`,
'Content-Type': 'application/scim+json',
},
body: JSON.stringify({
schemas: ['urn:ietf:params:scim:schemas:core:2.0:User'],
userName: 'newuser@company.com',
name: { givenName: 'New', familyName: 'User' },
emails: [{ value: 'newuser@company.com', type: 'work', primary: true }],
active: true,
}),
});
// List users via SCIM
// GET https://miro.com/api/v1/scim/v2/Users
const users = await fetch('https://miro.com/api/v1/scim/v2/Users?filter=active eq true', {
headers: { 'Authorization': `Bearer ${scimToken}` },
});
// Deactivate user (deprovision)
// PATCH https://miro.com/api/v1/scim/v2/Users/{user_id}
await fetch(`https://miro.com/api/v1/scim/v2/Users/${scimUserId}`, {
method: 'PATCH',
headers: {
'Authorization': `Bearer ${scimToken}`,
'Content-Type': 'application/scim+json',
},
body: JSON.stringify({
schemas: ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
Operations: [{ op: 'replace', path: 'active', value: false }],
}),
});
// Manage team membership via SCIM Groups
// GET https://miro.com/api/v1/scim/v2/Groups
// POST/PATCH Groups to add/remove team members
Control how boards can be shared at creation time:
// Create board with restrictive sharing
await miroFetch('/v2/boards', 'POST', {
name: 'Confidential Strategy Board',
policy: {
sharingPolicy: {
access: 'private', // Only invited members
inviteToAccountAndBoardLinkAccess: 'no_access',
organizationAccess: 'private', // Not visible to org
teamAccess: 'private', // Not visible to team
},
permissionsPolicy: {
collaborationToolsStartAccess: 'all_editors',
copyAccess: 'team_members', // Only team can copy
sharingAccess: 'owners_and_coowners', // Only owners can share
},
},
});
// Create board with open team access
await miroFetch('/v2/boards', 'POST', {
name: 'Team Brainstorming',
teamId: teamId,
policy: {
sharingPolicy: {
access: 'edit', // Team can edit by default
teamAccess: 'edit',
},
permissionsPolicy: {
sharingAccess: 'team_members_and_collaborators',
},
},
});
// Get audit logs — requires 'auditlogs:read' scope
// GET https://api.miro.com/v2/orgs/{org_id}/audit-logs
const logs = await miroFetch(
`/v2/orgs/${orgId}/audit-logs?limit=100&createdAfter=${startDate}`
);
// Log entries include:
// - User actions (board created, item modified, member added)
// - Admin actions (team created, user deactivated, settings changed)
// - API actions (OAuth token issued, SCIM provisioning)
for (const entry of logs.data) {
console.log({
action: entry.action,
actor: entry.actor?.email,
target: entry.context?.boardId ?? entry.context?.teamId,
timestamp: entry.createdAt,
});
}
Enforce board-level permissions in your application:
type BoardRole = 'viewer' | 'commenter' | 'editor' | 'coowner' | 'owner';
const ROLE_HIERARCHY: Record<BoardRole, number> = {
viewer: 0,
commenter: 1,
editor: 2,
coowner: 3,
owner: 4,
};
function hasMinimumRole(userRole: BoardRole, requiredRole: BoardRole): boolean {
return ROLE_HIERARCHY[userRole] >= ROLE_HIERARCHY[requiredRole];
}
async function requireBoardRole(boardId: string, userId: string, minRole: BoardRole) {
const members = await miroFetch(`/v2/boards/${boardId}/members?limit=100`);
const user = members.data.find((m: any) => m.id === userId);
if (!user) {
throw new Error('User is not a board member');
}
if (!hasMinimumRole(user.role, minRole)) {
throw new Error(`Requires ${minRole} role, user has ${user.role}`);
}
}
// Usage
await requireBoardRole(boardId, userId, 'editor');
// Throws if user doesn't have editor or higher role
| Feature | Required Scope |
|---|---|
| Board members | boards:read (list) / boards:write (manage) |
| Team management | team:read / team:write |
| Organization | organizations:read |
| Audit logs | auditlogs:read |
| SCIM provisioning | SCIM token (separate from OAuth) |
| Error | Status | Cause | Solution |
|---|---|---|---|
insufficientPermissions | 403 | Missing scope | Add required scope in app settings |
memberNotFound | 404 | User not on board | Invite user first |
teamNotFound | 404 | Wrong team ID or no access | Verify org/team hierarchy |
orgNotFound | 404 | Not Enterprise plan | Upgrade to Enterprise |
scimTokenInvalid | 401 | Wrong SCIM token | Generate new token in admin console |
For major migrations, see miro-migration-deep-dive.