Connecting and Configuring Services in Cloudentity

This article guides you through the process of connecting a service that you want to protect in Cloudentity.

Add and Configure Services

  1. Go to Applications > Clients.

  2. Select Create Service.

  3. In the pop-up window, give your service a name and description and select Create. The service is added to the list.

  4. Configure the service. Follow the information below for details on each configuration form.

Configure Basic Settings

On the Overview page, you can see the Service details and Service Capabilities panels.

  • Service details

    Parameter | Description
    Name | Name identifying this service
    Description | Description identifying this service
    Access Token Audience | Default Access Token audience present in Access Tokens issued by Cloudentity.
    Custom Access Token Audience | Custom Access Token audience, overriding the default one.

  • Service capabilities

    Parameter | Description
    OAuth Resource Server | Controls if this service is an OAuth 2.0 Resource Server, where authorization is governed by scopes.
    API Server | Allows for API-level service control. When enabled, you can define access control for individual APIs, including GraphQL APIs or APIs behind a gateway.

Configure Scopes

If you need to learn more about scopes, see the Access (Token) Scopes article.

  1. Open the Scopes page from your service.

  2. Select Create Scope and fill in the form.

    Parameter | Description
    Scope name | Scope name. This is the name that OAuth clients will need to send with their authorization call. You can define a dynamic scope in a wildcard (dynamic) form by appending .* to the scope name. For example account.*.
    Display name | Scope name shown to the user
    Description | Scope description

  3. Select Govern Scopes to configure global settings related to authorization flows available for this service. These settings impact all scopes within this service.

    Parameter | Description
    Human Users | Controls whether or not the Authorization Code flow can be used with this service. If enabled, you can configure the policy for such flow.
    Machine Users | Controls whether or not the Client Credentials flow can be used with this service. If enabled, you can configure the policy for such flow.
    3rd Party Developers | Controls whether or not third party developers can subscribe to this service. If enabled, you can configure the policy for such flow.
    Dynamic Client Registration | Controls whether or not dynamically registered clients can subscribe to this service. Define conditions dynamically registered clients need to meet to subscribe to a protected scope using a policy.

  4. Select the newly created scope and finish its configuration.

    Tab | Description
    Details | Edit basic scope information
    Governance | Assign policies for each flow enabled via Govern Scopes
    Advanced | Configure advanced settings
    Metadata | Assign metadata to a scope in JSON format

  5. Check the preview panel. It shows the end user's point of view with the current service configuration.
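
The following is an added example, not code from Cloudentity or this article: a resource-server check that ties the Access Token Audience and a dynamic scope such as account.* to the claims of a received token. It assumes the token's signature, issuer and expiry were already verified, that scopes arrive as a space-delimited `scope` string or a list-valued `scp` claim, and that a client granted account.* receives a concrete scope such as account.123; all function names and sample values are constructed.

```python
# Added example (not Cloudentity code). Assumes the JWT's signature, issuer and
# expiry were already verified and `claims` is the decoded payload.

def effective_audience(default_aud, custom_aud=None):
    """A Custom Access Token Audience, when set, overrides the default one."""
    return custom_aud or default_aud

def audience_ok(claims, expected_aud):
    aud = claims.get("aud", [])
    if isinstance(aud, str):          # "aud" may be a single string or a list
        aud = [aud]
    return expected_aud in aud

def granted_scopes(claims):
    # Assumption: scopes arrive as a space-delimited "scope" string or an "scp" list.
    raw = claims.get("scope", claims.get("scp", ""))
    return raw.split() if isinstance(raw, str) else list(raw)

def dynamic_values(defined_scope, granted):
    """Return the concrete suffixes granted under a wildcard scope like 'account.*'."""
    if not defined_scope.endswith(".*"):
        raise ValueError("not a dynamic scope: %r" % defined_scope)
    prefix = defined_scope[:-1]       # keep the dot: 'accounts.1' must not match
    return {s[len(prefix):] for s in granted
            if s.startswith(prefix) and len(s) > len(prefix)}

def authorize(claims, expected_aud, defined_scope, resource_id):
    """Allow only if the token targets this service and names this resource."""
    if not audience_ok(claims, expected_aud):
        return False
    return resource_id in dynamic_values(defined_scope, granted_scopes(claims))

# Constructed sample payload; audience and scope values are made up.
SAMPLE_CLAIMS = {
    "aud": ["payments-api"],
    "scp": ["account.123", "accounts.999", "account."],
}

if __name__ == "__main__":
    aud = effective_audience("default-audience", "payments-api")
    for rid in ("123", "999", ""):
        print(rid or "<empty>", authorize(SAMPLE_CLAIMS, aud, "account.*", rid))
```

Matching on the prefix including its trailing dot and requiring a non-empty suffix keeps look-alike scopes (accounts.999) and an empty value (account.) from satisfying the account.* rule.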

Configure APIs

Under APIs, you can specify the APIs exposed by the service, if your service is defined as an API server. If the APIs are behind a gateway, you can connect the gateway with all the APIs directly. Finally, you can import any Open API-compliant specification.

  • To add individual APIs:

    1. Select + API.

    2. Define the API type (REST or GraphQL), method, and path.

    3. Optionally, assign an API Policy to your API.

    4. Select Add API to finish.

  • To connect an API Gateway:

    1. Select + Gateway API.

    2. Select any API Gateway connected to Cloudentity. If none are available, add an API Gateway first.

    3. Select Connect to finish.

  • To import an API specification:

    1. Select Import.

    2. Provide the specification in the form.

      Source | Description
      URL | URL pointing to an Open API-compliant specification
      File | JSON or YAML file with your Open API specification
      JSON or YAML | Paste the Open API specification directly as JSON or YAML

    3. Select Import to finish.

Subscribe Clients to Scopes

Having added and configured your Services, you must subscribe the client application to the correct scopes.