There are 6 steps in this procedure. If you have trouble at any stage, please contact us at firstname.lastname@example.org.
The steps you will perform during this procedure are:
- Log in to your Centrify Admin Portal
- Creating a confidential user for the app
- Creating a service account role for the app (with the permissions needed)
- Creating a new OAuth app
- Configuring the newly created OAuth app
- Generating a bearer token to be used in the SkyFormation Centrify connector configuration.
Step 1: Log in to your Centrify Admin Portal
- Log in to your Centrify Admin portal at:
(Replace 123456 with your Centrify tenant ID)
If you are already in your Centrify User Portal, you can switch to the Admin Portal by clicking your user name at the top right corner and selecting Switch to Admin Portal from the dropdown:
Step 2: Create a confidential user for the app
- Put a name into the Login Name field.
Note: you must remember the login name for the next steps, as it will be used as the "Application ID" or "Client ID", so take a note of the login name now. This field cannot
- Enter values into the Email Address and Display Name fields. Confidential clients do not use these values, but they are required to satisfy the mandatory fields of the user form.
- Enter a password (entered manually or generated) that meets the password policy requirements into the Password and Confirm Password fields.
Note: you must remember the password for the next steps, so use manual password generation and take a note of the password.
- Navigate to the Status section at the bottom and enable Is OAuth confidential client.
- Click Create User.
Step 3: Create a Service Account Role for the app
Click Save to create the new role.
Step 4: Create a New OAuth App
- On the left-hand side, navigate to Apps -> Web Apps and click on Add Web Apps.
- In the next dialog, select the Custom tab on the Add Web Apps popup.
- Locate OAuth2 Client in the list and click Add. This creates an OAuth2 Client for use with the Centrify APIs.
- Click Yes on the Add Web App popup that appears.
- Click Close on the Add Web Apps popup. The app configuration screen is displayed.
Step 5: Configure the new OAuth 2.0 Client
- In the app configuration screen (left side), select each of the categories listed below.
- For each category, enter the appropriate data in the fields, as described below.
- Application ID: put here the same login name which you gave to the user created in step 2. Note that this value cannot contain spaces.
- Application Name: a descriptive name for the application.
- Client ID Type: select Confidential.
- Issuer: the URL of the server issuing access tokens. Can be left as default.
- Token Type: select JwtRS256.
- Auth Methods: select Client Creds.
- Token Lifetime: specifies the duration of the token's lifespan. Choose a value which is long enough that you won't have to change it frequently, e.g. 3650 days.
Note: the user must be in a role that gives them access to the Redrock/Query API.
- Scope Definitions:
  - Name: provide a name for the scope, e.g. QueryScope.
  - Allowed REST APIs: click on Add and type "Redrock/Query/*".
Click on Add to add the user that was created during step 2.
Note: The application status should now become "deployed":
Step 6: Create a Bearer Token for the application
From the Actions drop down menu, choose Create Bearer Token:
In the next dialog, enter the Client ID, which is the login name plus the suffix created earlier, and the Client Secret, which is the password the user was created with.
After you click on Get Token, a bearer token is shown. Copy the token; it will be used next to configure the SkyFormation for Centrify Connector.
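After Step 6 you hold a long-lived JwtRS256 bearer token. The Python below is an added example, not part of the original procedure or of any Centrify or SkyFormation code: it decodes the token (without verifying its signature) to confirm that the algorithm, issuer, scope name and remaining lifetime match what was configured in Step 5 before the token is pasted into the connector configuration. The claim names (iss, sub, scope, exp) and the constructed sample token are assumptions.

```python
import base64
import json
import time
from typing import Optional

# Added example: sanity-check the bearer token from Step 6 against the Step 5 settings.
# Claim names are assumed to follow the usual JWT conventions (RFC 7519 / RFC 8693).
# The signature is NOT verified, so this is an inspection aid, not an authentication step.

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_bearer_token(token: str, expected_scope: str, expected_alg: str = "RS256",
                         now_unix: Optional[int] = None) -> dict:
    """Decode the JWT header and payload and report the fields set during the procedure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    now_unix = int(time.time()) if now_unix is None else now_unix
    exp_unix = int(payload["exp"])
    scopes = str(payload.get("scope", "")).split()
    return {
        "alg_ok": header.get("alg") == expected_alg,   # Token Type JwtRS256 -> alg RS256
        "issuer": payload.get("iss"),                   # Issuer URL from Step 5
        "subject": payload.get("sub"),                  # assumed to name the client
        "scope_ok": expected_scope in scopes,           # scope name from Scope Definitions
        "days_remaining": (exp_unix - now_unix) // 86400,
        "expired": exp_unix <= now_unix,
    }

def make_sample_token(exp_unix: int) -> str:
    """Constructed sample token for offline use; the signature segment is a placeholder."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": "https://123456.tenant.invalid/",   # constructed placeholder issuer
               "sub": "skyformation-client", "scope": "QueryScope", "exp": exp_unix}
    return f"{enc(header)}.{enc(payload)}.placeholder-signature"

if __name__ == "__main__":
    # A token minted for 3650 days, the Token Lifetime suggested in Step 5.
    token = make_sample_token(int(time.time()) + 3650 * 86400)
    print(inspect_bearer_token(token, "QueryScope"))
```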