Register a Client Application

Following are the required authorizations for registering a client application:

  • OAuth Administrator Role: To use administration tools, an OAuth administrator must have the SAP_OAUTH_ADMIN role assigned.

  • OAuth User Role: To use end user tools and to grant access of user resources to a client, a user must have the SAP_OAUTH_USER role.

Perform the following to register a client application:

  1. Access the administration UI at http://<host>:<port>/oauth/admin.

  2. Open the CLIENTS view to manage or register your client.

    1. Navigate to the Data tab and select the Register New Client button.

      To edit an existing client, select the table row and select the edit icon.

    2. Enter the following data as required.

      Parameter Description

      Name*

      The default name of the client. If no translation for any language is provided, or no translation for the desired locale is found, the default client’s name would be used.

      Description

      The default description of the client. If no translation for any language is provided, or no translation for the desired locale is found, the default client’s description would be used.

      ID*

      The Client’s ID is automatically generated upon client registration.

      The Client ID can contain only alphanumeric characters, underscores, and hyphens, and is up to 255 characters long.

      Authorization Grant*

      Only authorization code is supported as an authorization grant type.

      Secret

      The client secret can only be entered for confidential clients. If a client is marked as confidential, the Secret field is required.

      URL

      The client’s web site URL.

      Redirect URI*

      The redirection endpoint to which the authorization server redirects the user agent after completing its interaction with the resource owner.

      Enter the value as follows:

      https://<host>:<port>/SailpointSapEPArchive/

      Or

      http://<host>:<port>/SailpointSapEPArchive/

      Token Lifetime

      The lifetime of the access tokens issued for this client. The default value is infinite lifetime.

      Refresh Token Lifetime

      The lifetime of the refresh tokens issued for this client. The default value is infinite lifetime. If the value is changed, it must be greater than the value of Token Lifetime.

      Authorization Code Lifetime

      The lifetime of the authorization codes issued for this client. The default value is 30 minutes.

      Only positive numbers are allowed for Token Lifetime, Refresh Token Lifetime and Authorization Code Lifetime.

    3. Save the configuration.