11.18 OAuth2 Application

This policy allows you to add a service account to the OAuth2 protocol-based applications that can access the Advanced Authentication API. The service account is specific to an application rather than an end-user. A unique Client ID and Secret are generated when you add an application. These details must be configured in the application to establish trust between the application and the Advanced Authentication server. With the established connection, the application accesses the Advanced Authentication API without approval from a user.

With the Client ID and Secret, the application sends the token request to the Advanced Authentication Server, which returns an access token. Then, the application uses the token to access the required API. The scope is also defined for each application to restrict the access to a specific API.

For example, api/v1/chains is accessible without any scope. However, to view the tenants list, the scope must be set to full admin.

To add an application, perform the following steps:

  1. Click Add in the OAuth2 applications policy.

  2. Specify the application name in Name.

  3. Copy the Client ID and Secret for further use.

    NOTE: After you save the application, the Secret is not displayed again.

  4. (Optional) Set Full admin to ON to grant the full administrator scope to the application, so that all APIs are accessible without any restriction. By default, Full admin is set to OFF and the full administrator scope is not granted.

    For example, the API /api/v1/tenants is accessible only with the full administrator privilege.

  5. (Optional) Set Tenant admin to ON to grant the tenant administrator scope to the application. With this scope, the application can access the APIs that apply to a tenant administrator. By default, Tenant admin is set to OFF and the tenant scope is not granted.
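The flow described above (the application authenticates with its Client ID and Secret, receives an access token, and calls an API whose scope requirement is checked), as an added example that is not part of the Advanced Authentication product or its documentation. It assumes the server accepts the standard RFC 6749 client_credentials grant with HTTP Basic client authentication; the token endpoint URL (TOKEN_URL) and the scope names "full_admin" and "tenant_admin" are placeholders chosen for this example. The two API paths and which of them needs the full administrator scope come from the text above. The example reads the credentials from environment variables because the Secret is shown only once, at creation time, and should never be committed to source.

```python
"""Client-credentials token request and scope check for an OAuth2 application.

Added example, not code from Advanced Authentication. Assumptions, labelled
inline: the token endpoint URL, the scope names "full_admin" and
"tenant_admin", and that the server accepts the RFC 6749 client_credentials
grant with HTTP Basic client authentication. The paths /api/v1/chains and
/api/v1/tenants and their scope requirements come from the documentation.
"""
import base64
import json
import os
from urllib.parse import urlencode

# Hypothetical token endpoint; the documentation does not state the real one.
TOKEN_URL = "https://aa.example.com/oauth2/token"

# Required scope per API path, as stated in the documentation: /api/v1/chains
# needs no scope, /api/v1/tenants needs the full administrator scope. The scope
# strings themselves are assumed names used only for this example.
REQUIRED_SCOPE = {
    "/api/v1/chains": None,
    "/api/v1/tenants": "full_admin",
}


def load_client_credentials():
    """Read Client ID and Secret from the environment, never from source.

    The Secret is displayed only when the application is created, so the value
    copied in step 3 belongs in a secret store or environment variable.
    """
    client_id = os.environ.get("AA_CLIENT_ID")
    client_secret = os.environ.get("AA_CLIENT_SECRET")
    if not client_id or not client_secret:
        raise RuntimeError("AA_CLIENT_ID and AA_CLIENT_SECRET must be set")
    return client_id, client_secret


def build_token_request(client_id, client_secret, scope=None):
    """Build the client_credentials token request (RFC 6749 section 4.4).

    The client authenticates with HTTP Basic (RFC 6749 section 2.3.1) and the
    form body carries grant_type plus an optional scope restriction. Returns
    the request pieces so they can be inspected without network access.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return {
        "method": "POST",
        "url": TOKEN_URL,
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode(params),
    }


def parse_token_response(body):
    """Extract the access token and the granted scopes from a token response."""
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError(f"token request failed: {data.get('error', 'unknown')}")
    if data.get("token_type", "Bearer").lower() != "bearer":
        raise ValueError("unexpected token_type")
    granted = set(data.get("scope", "").split())
    return data["access_token"], granted


def bearer_header(access_token):
    """Header the application attaches to every API call made with the token."""
    return {"Authorization": f"Bearer {access_token}"}


def is_authorized(path, granted_scopes):
    """Server-side view: does the token's scope cover the requested path?

    Unknown paths are denied (fail closed); a path with no required scope is
    reachable by any valid application token.
    """
    if path not in REQUIRED_SCOPE:
        return False
    required = REQUIRED_SCOPE[path]
    return required is None or required in granted_scopes


if __name__ == "__main__":
    # Constructed token response standing in for the server's reply.
    sample = '{"access_token": "tok-123", "token_type": "Bearer", "scope": "tenant_admin"}'
    token, scopes = parse_token_response(sample)
    for path in REQUIRED_SCOPE:
        print(path, "allowed" if is_authorized(path, scopes) else "denied")
```

Run with AA_CLIENT_ID and AA_CLIENT_SECRET exported; the `__main__` block uses a constructed response to show that a tenant-admin token reaches /api/v1/chains but is denied on /api/v1/tenants, which is the least-privilege outcome the Full admin and Tenant admin switches are meant to produce.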