Custom clients can be registered in IAM for different authentication needs given in authentication for integration.
The navigation details for accessing custom clients are given below.
- To access the overview page, go to to Solution Manager > Security > Identity and Access Manager > IAM Client.
- To access the detailed view page, go to Solution Manager > Security > Identity and Access Manager > IAM Client Details.
Registering Confidential Client¶
If the client has a way to securely store a secret, then it should be a confidential client and Public Client should be disabled by turning OFF toggle.
See here for hints on what to put as redirect URI:s.
Configuring Service Account¶
Applications that are incapable of rendering a browser can use other flows, and some applications do not need end user accounts in order to access the system to do some limited tasks. For these applications, Client Credentials flow allows for a non-interactive authentication of a service account where the authorization endpoint is never contacted and the request is done non-interactively directly to the token endpoint using pre-configured credentials.
This form of authentication yields an access token associated with a service user that is associated with the OAuth2 client itself rather than an end user account. The client ID and client secret of a client registration set up to allow this flow acts as the username and password for the integrating application. See here for more information on service account and client credential flow.
In order to set up a client registration to be able to use client credentials flow, the following must be true:
- The client registration must be a confidential client so that a client secret exists.
- The client must be set up to allow direct access grants. This enables all the flows that bypass the authorization endpoint.
- The client must be set up to have service accounts enabled and a service account associated with it. This enables Client Credentials Flow.
Client secret will be generated upon adding confidential client. Optionally, secret can be regenerated by clicking the Regenerate Secret button.