Configuring an OAuth 2.0 authentication profile
Configure an OAuth 2.0 authentication profile so that messages sent to and from your application use OAuth 2.0 credentials. To learn how to obtain the values needed for the fields on this tab, consult the API guide of the external application (OAuth 2.0 provider) that you want to connect to.
Complete these tasks before you configure an OAuth 2.0 authentication profile.
- Create an OAuth 2.0 Provider data instance.
- Create an authentication profile.
- Open an authentication profile from the Explorer panel by clicking Records > Security > Authentication Profile and selecting an OAuth 2.0 profile from the instance list.
- In the OAuth provider field, enter the name of the OAuth 2.0 provider. The system automatically populates the Grant type list for the selected provider.
- In the Grant type list, select the grant type for the OAuth 2.0 provider. If the Grant type is Password Credentials, also do the following steps.
  - In the Username field, enter a page name that references the value for the Username property.
  - In the Password field, enter a page name that references the value for the Password property. Make sure to encrypt the password.
- In the Client information section, enter the credentials that you require to access OAuth 2.0-protected resources in the external application.
  - In the Identifier field, enter the client ID that is provided by the external application.
  - In the Secret field, enter the client secret that is provided by the external application.
  - In the Scope field, enter the scope as specified in the API guide of the external application and that is configured for this client.
- In the Redirect URI endpoint field, enter the URI of the endpoint that the authorization server redirects to after authorization. This field supports the Global Resource Settings syntax (=PageName.PropertyName).
- Optional: If you are using Box.com, select the Enable SSO (Box.com Only) check box to enable single sign-on (SSO). If you select this option, users who have already been authenticated against the same identity provider will not be asked to reauthenticate.
- If you selected Enable SSO (Box.com Only), then in the Single sign-on (SSO) identity provider (IdP) federation ID field, enter the single sign-on identity provider federation ID that is used by the Box account.
  - You can get this value from the entityID attribute of the EntityDescriptor element of the IdP metadata XML used to configure SSO to Box.
  - This field supports the Global Resource Settings syntax (=PageName.PropertyName).
- To use a refresh token, if one is available and supported by the service provider, select the Use refresh token if available check box. The refresh token is used to automatically refresh the authorization token when it expires.
- To revoke all access tokens that are generated by the external application for this OAuth 2.0 client, click Revoke access tokens.
- To provide additional parameters that might be required by your OAuth 2.0 provider, in the Additional endpoint parameters section, click Add parameter and enter a Name and Value in the following subsections:
  - Authorization code
  - Access token
  - Revoke token
  - Refresh token
- Click Save.
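The following is an added example, not Pega's own code, showing what the profile fields above turn into on the wire: the Identifier and Secret become HTTP Basic client authentication, the Username, Password, Scope and Access token parameters form the Password Credentials grant body, and Use refresh token if available drives renewal once the token expires. All profile values and the `post` transport are constructed stand-ins.

```python
import base64
from urllib.parse import urlencode

# Constructed values standing in for the profile fields (Username/Password are page references there).
PROFILE = {
    "client_id": "my-client", "client_secret": "s3cr3t",   # Client information: Identifier, Secret
    "username": "svc-user", "password": "svc-pass",        # Password Credentials grant
    "scope": "read write",                                 # Scope
    "extra_access": {"audience": "api://example"},         # Additional endpoint parameters: Access token
    "extra_refresh": {},                                   # Additional endpoint parameters: Refresh token
    "use_refresh": True,                                   # Use refresh token if available
}

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Identifier and Secret as HTTP Basic client authentication (RFC 6749 section 2.3.1)."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def token_request(profile: dict, grant: str, refresh_token=None):
    """Headers and form body for the password grant or the refresh_token grant.
    The client secret travels only in the Authorization header, never in the body or URL."""
    headers = {"Authorization": basic_auth_header(profile["client_id"], profile["client_secret"]),
               "Content-Type": "application/x-www-form-urlencoded"}
    if grant == "password":
        body = {"grant_type": "password", "username": profile["username"],
                "password": profile["password"], "scope": profile["scope"]}
        body.update(profile["extra_access"])
    else:
        body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
        body.update(profile["extra_refresh"])
    return headers, urlencode(body)

class TokenCache:
    """Keeps the current access token and renews it when it expires: with the refresh
    token if one was issued and use_refresh is set, otherwise by repeating the grant."""
    def __init__(self, profile: dict, post):
        self.profile, self.post = profile, post   # post(headers, body) -> token response dict (stub)
        self.access = self.refresh = None
        self.expires_at = 0.0

    def get(self, now: float) -> str:
        if self.access and now < self.expires_at:
            return self.access
        if self.refresh and self.profile["use_refresh"]:
            resp = self.post(*token_request(self.profile, "refresh", self.refresh))
        else:
            resp = self.post(*token_request(self.profile, "password"))
        self.access = resp["access_token"]
        self.refresh = resp.get("refresh_token", self.refresh)
        self.expires_at = now + resp.get("expires_in", 0) - 30   # renew slightly before expiry
        return self.access
```

A real transport would POST the headers and body to the token endpoint of the OAuth 2.0 Provider data instance; the stub here only records what would be sent.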