
OAuth 2.0 Authorization Code

Overview

Many organizations need access to 3rd party SaaS services that authenticate API requests with short-lived access tokens generated on demand. Some critical SaaS services that organizations may use, and that need Credential Provider support, include:

  • Atlassian
  • GitLab
  • Slack
  • Google Workspace
  • PagerDuty

Configuring an OAuth 2.0 Authorization Code Credential Provider requires a few steps, including:

  1. Create and configure the Credential Provider.
  2. Create and configure the 3rd party Application (examples provided in the Server Workload pages).
  3. Authorize the Credential Provider to complete the integration.

The sections below describe how you can configure an OAuth 2.0 Authorization Code Credential Provider. For detailed examples on configuring the 3rd party applications, please refer to the respective Server Workload pages, such as the Atlassian example.

Credential Provider Configuration

To configure an OAuth 2.0 Authorization Code Credential Provider, follow the steps outlined below.

  1. Log into your Aembit tenant.

  2. Once you are logged into your tenant, click on the Credential Providers tab in the left navigation pane. You are directed to the Credential Providers page displaying a list of existing Credential Providers. In this example, there are no existing Credential Providers.

Credential Providers - Main Page Empty

  3. Click on the New button to open the Credential Providers dialog window.

Credential Providers - Dialog Window Empty

  4. In the Credential Providers dialog window, enter the following information:
  • Name - Name of the Credential Provider.
  • Description - An optional text description of the Credential Provider.
  • Credential Type - A dropdown menu that enables you to configure the Credential Provider type. Select OAuth 2.0 Authorization Code.
  • Callback URL - An auto-generated Callback URL from Aembit Admin.
  • Client ID - The Client ID associated with the Credential Provider.
  • Client Secret - The Client Secret associated with the Credential Provider.
  • Scopes - The list of scopes for the Credential Provider. This should be a list of individual scopes separated by spaces.
  • OAuth URL - The base URL for all OAuth-related requests. Use the URL Discovery button next to this field to automatically populate the Authorization URL and Token URL if the correct OAuth URL is provided.
  • Authorization URL - The endpoint where the user is redirected to authenticate and authorize access to your application.
  • Token URL - The URL where the authorization code is exchanged for an access token.
  • PKCE Required - Configure Aembit to use PKCE for the 3rd party OAuth integration (recommended).
  • Lifetime - The lifetime of the retrieved credential. Aembit uses this to send notification reminders to the user prior to the authorization expiring.

Credential Providers - Dialog Window Completed

  5. Click Save when finished. You will be directed back to the Credential Providers page, where you will see your newly created Credential Provider.

Credential Providers - Main Page With New Credential Provider