There are 5 steps in this procedure. If you're having trouble at any stage please contact us at firstname.lastname@example.org.
During the different steps you will need to write down the following information: client ID/application ID, client secret/password, scope and suffix.
The steps that you will be performing during this procedure are:
- Login to your Centrify Admin Portal
- Creating a confidential user for the app
- Creating a service account role for the app (with the permissions needed)
- Creating a new OAuth app
- Configuring the newly created OAuth app
Step 1: Login to your Centrify Admin Portal
- Log in to your Centrify Admin portal at:
(Replace 123456 with your Centrify tenant ID)
If you are already in your Centrify User Portal, you can switch to the Admin Portal by navigating to your user name at the top right corner and selecting Switch to Admin Portal from the dropdown.
Step 2: Create a confidential user for the app
- Put a name into the Login Name field.
Note: Please write down the login name, as it will be used as the "Application ID" or "Client ID" during the connector onboarding process in Skyformation UI later on. This field cannot contain spaces. Please also write down the suffix string. This is case sensitive.
- Enter values into the Email Address and Display Name fields. Confidential clients do not use these values, but they are required in order to satisfy the required fields of the user form.
- Enter a password (manually chosen or generated) that meets the password policy requirements in the Password and Confirm Password fields.
Note: Please write down the password that you have chosen, as it will be used as the "Application secret" during the connector onboarding process in Skyformation UI later on.
- Navigate to the Status section at the bottom and enable Is OAuth confidential client.
- Click Create User.
Step 3: Create a Service Account Role for the app
Click Save to create the new role.
Step 4: Create a New OAuth App
- On the left-hand side, navigate to Apps -> Web Apps and click on Add Web Apps.
- In the next dialog, select the Custom tab on the Add Web Apps popup.
- Locate OAuth2 Client in the list and click Add. This creates an OAuth2 Client for use with the Centrify APIs.
- Click Yes on the Add Web App popup that appears.
- Click Close on the Add Web Apps popup. The app configuration screen is displayed.
Step 5: Configure the new OAuth 2.0 Client
- In the app configuration screen (left side), select categories (listed below).
- For each category, enter the appropriate data in the fields - see below.
- Application ID: enter the same login name that you gave to the user created in step 2. Note that this value cannot contain spaces.
- Application Name: a descriptive name for the application.
- Client ID Type: select Confidential.
- Issuer: the URL of the server issuing access tokens. Can be left as default.
- Token Type: select JwtRS256.
- Auth Methods: select Client Creds.
- Token Lifetime: specifies the duration of the initial token. Can be left at 5 hours.
- Issue refresh tokens: should be checked. The lifetime can be left at 365 days or changed as you wish.
Note: the user must be in a role that gives them access to the Redrock/Query API.
- Scope Definitions:
  - Name: provide a name for the scope, e.g. QueryScope.
  - Allowed REST APIs: click on "add" and type "Redrock/Query/*".
Note: Please write down the name that you have given to the scope (e.g. QueryScope) which you just created as it will be used later when onboarding the connector on Skyformation UI.
Click on Add to add the user that was created during step 2.
Note: The application status should now become "deployed".
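To check that the four values written down during the procedure fit together, the following added example (not part of the original guide, and not Centrify or Skyformation code) builds the OAuth2 client-credentials token request without sending it. It assumes the client ID is presented as login name plus "@" plus suffix and that the token endpoint is /oauth2/token/<Application ID>; the tenant URL, names and secret are constructed placeholders.

```python
import base64
import urllib.parse
import urllib.request


def build_token_request(tenant_url, login_name, suffix, secret, scope):
    """Build (do not send) the client-credentials token request."""
    # Step 2 / Step 5: the login name doubles as the Application ID and
    # cannot contain spaces.
    if not login_name or any(c.isspace() for c in login_name):
        raise ValueError("login name must be non-empty and contain no spaces")
    if not suffix or not secret or not scope:
        raise ValueError("suffix, secret and scope are all required")
    if not tenant_url.lower().startswith("https://"):
        raise ValueError("refusing to send the client secret over non-TLS URL")

    # Assumption: client ID is login@suffix. The suffix is case sensitive,
    # so it is passed through unchanged.
    client_id = f"{login_name}@{suffix}"
    if ":" in client_id:
        # HTTP Basic splits on the first colon; only the secret may hold one.
        raise ValueError("client ID must not contain ':'")
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode()
    # Assumption: token endpoint path is /oauth2/token/<Application ID>.
    app_id = urllib.parse.quote(login_name, safe="")
    url = f"{tenant_url.rstrip('/')}/oauth2/token/{app_id}"
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def describe(req):
    """Log-safe summary: the Authorization value itself is never shown."""
    return {"method": req.get_method(), "url": req.full_url,
            "body": req.data.decode(),
            "auth_scheme": req.get_header("Authorization").split()[0]}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_token_request("https://tenant.example.invalid", "sky_svc",
                              "Example.Invalid", "constructed-secret",
                              "QueryScope")
    print(describe(req))
    # To send it: urllib.request.urlopen(req, timeout=10)
```

A token issued for this request is limited to the REST APIs allowed by the named scope, which in this procedure is Redrock/Query/*.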