Project Overview

This project addresses a critical challenge in Enterprise IT: automating user management for SaaS applications that lack public APIs. I designed a scalable Agentic RPA framework to automate data extraction and user provisioning directly through admin portals, ensuring 100% coverage even for "No-API" legacy and niche software.

Detailed Analysis & Implementation

AI-Driven Web Automation for SaaS User Management

1. Understanding the Problem

1.1 Why Do Some SaaS Apps Not Have APIs?

After reading about how SaaS Management platforms works, the first question I had was, why does this problem even exist? Why would a SaaS company not have an API for something as basic as user management?

Here is what I found:

A lot of older SaaS tools were built before APIs became a standard thing. Going back and building a proper, secure API later takes real engineering effort, and for smaller vendors, it is just not a priority.
Some vendors actually avoid exposing APIs on purpose. If customers can easily export their user data or automate deprovisioning, they can switch to a competitor more easily. Keeping it behind a manual UI creates friction that works in the vendor's favor.
There are also security concerns. Admin-level actions like bulk user removal are risky to expose through an API without very careful controls. Some vendors prefer to keep that behind their own UI where they control what happens.
Niche industry tools (legal, healthcare, real estate software) usually focus everything on domain features. Developer experience and API coverage are an afterthought.
An enterprise SaaS platform works with 500+ apps. Even if the top 50 tools have good API coverage, the rest of the long tail almost certainly does not - which is where this whole automation idea becomes necessary.

1.2 What Makes Automating These Portals Hard?

Even if we can technically open a browser and simulate clicks, there are real problems that make this harder than it looks:

Challenge	Why it is a problem
Login and MFA	Most portals need email + password at minimum. Many also have OTP codes, Google login, or SSO. A bot has to handle all of these.
Dynamic UI	React and Vue based portals load content after the page opens. If you just read the HTML, you will get an empty page.
Anti-bot detection	Services like Cloudflare look for signs of automation - no mouse movement, instant clicks, headless browser signatures. If detected, you get blocked.
Pagination and scroll	User lists are split across pages or load more rows as you scroll. The scraper has to handle both cases.
No standard layout	Every admin portal looks different. The "Remove User" option could be a button, a dropdown, or a three-dot menu.
Session timeouts	Long automation runs risk getting logged out halfway through.
Confirming the action worked	After clicking "Remove", how do you know it actually worked? The UI might not show a clear success message.