Skip to main content

OAuth 2.0 Applications options

Overview

Whenever you need a external application to invoke Bizagi using the features of different services (OData, Azure Active Directory, System for Cross-domain Identity Management, etc.), you must first register the OAuth keys (clientSecret and clientID) used for its authentication in the OAuth 2 Applications option of the Work Portal's Admin menu. As these services in Bizagi are protected and rely on this standard authentication mechanism (OAuth version 2.0), requests made to these services need to be granted with rights to resources, using the previously generated OAuth keys.

With the OAuth version 2.0 specification, Bizagi supports the three OAuth flows, which are the most commonly used ones:

  • Authorization code:
    This lets client application authenticate users with inputted credentials at runtime (throughout a login page).
    This flow is designed for human interaction, where requests use impersonation of end users.
    For more information about this specification, refer to https://tools.ietf.org/html/rfc6749#section-1.3.1.

  • Client credentials:
    This allows server to server integration without further use of specific end user credentials.
    For more information about this specification, refer to https://tools.ietf.org/html/rfc6749#section-1.3.4.

  • Bearer Token:
    This lets client application authenticate using a token.
    For more information about this specification, refer to https://tools.ietf.org/html/rfc6750.

This article explains the different options you have when registering an application in OAuth 2 Applications.

Register Application options

To register an external application, you must first go to the Work Portal and, under the Security section of the Admin menu, select the OAuth2 Applications option.

OAuth2Apps_options_01

This option lists the services being accessed by Bizagi devices, and allows you to include additional applications that represent granted access to the services by providing the appropriate access keys.

Click the option to add a new record to this table:

OAuth2Apps_options_02

This opens the Register Application window, where you have the following options:

OAuth2Apps_options_03

pic of the TABLE

Once you have finished selecting and filling in the options you require, click the Save button. The OAuth keys (clientSecret and clientID) are generated for authentication of the external system you just registered. Save these keys in a secure place and use them to grant access to the external application.