
Each external application, system or API that you would like to manage with the CoreOne Authentication Service needs to be configured and managed through the applications menu. To do so, you must first create an appropriate target system in the system configuration. This enables you to manage not only the clients of an application but also the users, their identities and permissions through the Identity and Access Management features of the CoreOne Suite.

Parameters

Parameter

Datatype

Mandatory

Example

Description

Name

Drop Down

CoreOne Suite

Select a previously created target system.

Role claim name

String

roles

Permissions within an application are usually distributed to the client / application as part of the access token. This setting defines the claim in which those permissions are populated. Usually this is the roles claim, but some applications require the permissions to be stored in a different claim.

Is trusted (does not require consent even if a offline_access is requested) *

Checkbox

No

Some applications require offline_access, which means they can act on behalf of the user while the user is not present. As a security measure, the user has to consent to this right each time they authenticate. If you would like to prevent this behaviour, you can set the is_trusted flag to true.

Note

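Do this with caution: a trusted application is not required to obtain the user's consent even if offline_access is requested.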

Show elevation form on first access *

Checkbox

No

Whenever a user accesses an application for the first time, there is the option to show the elevation screen. The elevation screen will contain the same information as the registration screen. With this option active, you can ask the user for any additional information that might not be mandatory but is useful to have.

Example: You have two applications. For one you only need first and last name, and for the other there is an optional comment field upon registration. Depending on which application the user accesses first, the corresponding registration form is presented. If the user registers on the first application and then accesses the second, by default they will not be asked for the optional comment because they have already registered. Activate this flag if you want to present the user with all the configured attributes upon the first usage of the application.

Clients

Each application can have multiple clients associated. For more information see the client documentation.

Role assignments

You can define a set of roles that will be automatically assigned to users who access the application.

Resource assignments

You can define a set of roles that will be automatically assigned to users who access the application.

Role claim configuration

The resources (permissions) assigned to a user will eventually be issued in the token. On the application level you can define in which claim this should happen. Within the role claim configuration, you can further define the format of those resources. You can add a list of claims and the appropriate format.

For more information see the role claim configuration documentation.
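
The role claim name set above has to match the claim the application reads its permissions from. The following is an added example, not CoreOne code, of a consuming application that reads the configured claim and denies access when the claim is missing or malformed. It assumes the token signature has already been verified and that the claim holds either a list of strings or a single string; the function names and sample claim sets are constructed for illustration.

```python
from typing import Any, FrozenSet, Mapping


def extract_roles(claims: Mapping[str, Any],
                  role_claim_name: str = "roles") -> FrozenSet[str]:
    """Return the permissions found in the configured claim.

    `claims` is the payload of an access token whose signature, issuer and
    audience have ALREADY been verified (assumption of this example).
    """
    value = claims.get(role_claim_name)
    if value is None:
        # Claim absent: typically the application reads a different claim
        # than the one configured as "Role claim name". Grant nothing.
        return frozenset()
    if isinstance(value, str):
        items = [value]          # assumed format: one role as a bare string
    elif isinstance(value, list):
        items = value            # assumed format: JSON array of role names
    else:
        raise ValueError(f"unsupported type for claim {role_claim_name!r}")
    if not all(isinstance(item, str) and item for item in items):
        raise ValueError(f"claim {role_claim_name!r} has non-string entries")
    return frozenset(items)


def is_allowed(claims: Mapping[str, Any], required_role: str,
               role_claim_name: str = "roles") -> bool:
    """Fail closed: a malformed claim denies access instead of raising."""
    try:
        return required_role in extract_roles(claims, role_claim_name)
    except ValueError:
        return False


# Constructed sample payloads (not real tokens).
DEFAULT_CLAIM = {"sub": "u-1", "roles": ["admin", "reader"]}
CUSTOM_CLAIM = {"sub": "u-2", "permissions": ["admin"]}
MALFORMED = {"sub": "u-3", "roles": {"admin": True}}

if __name__ == "__main__":
    print(is_allowed(DEFAULT_CLAIM, "admin"))                 # default claim
    print(is_allowed(CUSTOM_CLAIM, "admin"))                  # name mismatch
    print(is_allowed(CUSTOM_CLAIM, "admin", "permissions"))   # names aligned
    print(is_allowed(MALFORMED, "admin"))                     # malformed
```
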