When you configure the connector for OAuth2 Resources on CloudAccess, the Client ID, Client Secret, and OAuth Endpoint URLs are created automatically. This information must then be used to configure the OAuth2 client application. All configuration activities at the OAuth2 client application are out of band.
Enforcement of authorization or access control beyond the initial authentication and token creation process is the responsibility of the OAuth client application, since the OAuth Resources connector does not currently support policy mapping in CloudAccess.
For information about configuring the OAuth client application, refer to your OAuth client application documentation.