Management ConsoleRepositoryVaultOAuth clientsConfigure OAuth clients

Configure OAuth clients

Add and configure clients for robot access to service provider websites using client credentials such as keys, tokens, secrets, certificates, and other access data.

To configure an OAuth client:

  1. Navigate to Repository > Vault > OAuth clients page and click the plus sign.

    A new window with three tabs appears, with the Configure dialog box active.

  2. Select a Project from the list.

    See Projects.

  3. Select a Target system from the list.

    See Target systems.

  4. In the Label box, type a name for client.
  5. If the Tenant box is displayed, paste the tenant value into the box.

    For OAuth applications created with Microsoft Azure AD 2.0, the Tenant box appears.

    • If you have a single-tenant application, copy the Directory (tenant) ID from the Overview > Essentials page of the application (shown on the Microsoft Azure portal).

      Accessing single-tenant applications requires a tenant ID.

    • If you have a multi-tenant application, you can specify the ID of the required tenant or leave this parameter empty.

      If you leave it empty, the ID of the tenant whose credentials you specified becomes the default.

  6. If you are configuring OAuth for Basic Engine Robots, select the Allow access for Basic Engine Robots checkbox.

    This option is disabled by default and only provided as a method to support Basic Engine Robots and OAuth users.

    • If you restored Basic Engine Robots from a backup, this checkbox is enabled by default.

    • Be aware that selecting this option results in less secure authentication. Basic Engine Robots do not use the Vault lookup API. We recommend controlling access on a per OAuth client basis, to limit access.

    • Also with this configuration, Basic Engine Robots have limited functionality.

    To provide secure OAuth client data protection, we strongly recommend using only Robots with OAuth clients.

  7. Click Next.
  8. Continue as follows:

    • For target systems with client credentials flow, continue with Retrieve access tokens.

      The Authorize tab is unavailable for client credentials flow target systems.

    • For all other target systems, continue with Authorize OAuth clients.