Introduction

The OAuth Client is used to integrate with an external application registered with an authentication server such as Azure AD or Google. The OAuth Client will be referenced by one or more Email Connections and will be used to obtain an access token and refresh the access token when it expires.

Creating OAuth Client Records

Step 1	From the Agents & Connections navigation pane, select System > OAuth Clients. The OAuth Client list displays. Below the list, OAuth Client Details for a new OAuth Client record displays.
Step 2	Enter / select Details for a new OAuth Client, using the field descriptions below as a guide. Required fields display an asterisk ( * ) after the field name. Default values for fields, if available, display automatically. To display more of the Details fields on the screen, you can either: Use the scroll bar. Temporarily hide the list above the Details. Click the New button above the list to display a pop-up version of the Details.
Step 3	Click a Save button. The OAuth Client record is added to the database, and all buttons and tabs in the OAuth Client Details are enabled.

Note

To open an existing record on the list, either:

Click a record in the list to display its record Details below the list. (To clear record Details below the list, click the New button that displays above and below the Details.)
Clicking the Details icon next to a record name in the list, or right-click a record in the list and then click Open in the Action menu that displays, to display a pop-up version of the record Details.
Right-click a record in the a list, or open a record and right-click in the record Details, and then click Open In Tab in the Action menu that displays, to display the record Details under a new tab on the record list page (see Record Details as Tabs).

OAuth Client Details

The following OAuth Client Details is for an existing OAuth Client. See the field descriptions, below, for a description of all fields that display in the OAuth Client Details.

For information on how to access additional details - such as Metadata and complete database Details - for OAuth Clients (or any type of record), see Records.

OAuth Client Details Field Descriptions

The following table describes the fields, buttons, and tabs that display in the OAuth Client Details.

Field Name	Description
General	This section contains detailed information about the OAuth Client.
Name	Name used within the Controller to identify this resource. Up to 40 alphanumerics. It is the responsibility of the user to develop a workable naming scheme for resources.
Description	Description of this record. Maximum length is 255 characters.
Member of Business Services	User-defined; Allows you to select one or more Business Services that this record belongs to. (You also can Check All or Uncheck All Business Services for this record.) You can select up to 62 Business Services for any record type, and enter a maximum of 2048 characters for each Business Service. If the Business Service Visibility Restricted Universal Controller system property is set to true, depending on your assigned (or inherited) Permissions or Roles, Business Services available for selection may be restricted.
OAuth Client Details
Provider	Authorization server provider. Options: Azure AD Google Azure AD or Google will automatically populate the Authorization Endpoint and Token Endpoint fields. The Provider cannot be changed after the OAuth Client is created.
Cluster Node Redirect URLs	The URL that the user will be redirected to after authorizing the Universal Controller application. Redirect URLs are specified as '<Universal Controller Base URL>/oauth2/callback'. For example, 'https://example.stone.branch/uc/oauth2/callback'. The Universal Controller will extract the authorization code from the request and exchange it for an access token. The redirect URLs need to match the ones used when registering the Universal Controller application with the authorization server.
Authorization Endpoint	Authorization endpoint for the authorization server. This is used by Universal Controller to obtain a temporary authorization code. Read only.
Token Endpoint	Token endpoint for the authorization server. This is used by Universal Controller to exchange the temporary authorization code for an access token. It is also used by Universal Controller to refresh the access token once it expires. Read only.
Tenant ID	If provider is Azure AD; The tenant identifier. If not specified, defaults to common.
Client ID	Client identifier. This is issued by the authorization server when registering the Universal Controller application.
Client Secret	Client secret. This is issued by the authorization server when registering the Universal Controller application.
Scopes	The list of scopes to request access to. If Provider is Azure AD, use the following scopes: `offline_acce`ss and `https://outlook.office.com/IMAP.AccessAsUser.All` and/or `https://outlook.office.com/SMTP.Send` The `offline_access` scope will be used even if it's not specified explicitly as this is required to obtain a refresh token. If Provider is Google, use the following scope: `https://mail.google.com/`
Metadata	This section contains Metadata information about this record.
UUID	Universally Unique Identifier of this record.
Updated By	Name of the user that last updated this record.
Updated	Date and time that this record was last updated.
Created By	Name of the user that created this record.
Created	Date and time that this record was created.
Buttons	This section identifies the buttons displayed above and below the OAuth Client Details that let you perform various actions.
Save	Saves a new record in the Controller database.
Save & New	Saves a new OAuth Client record in the Controller database and redisplays empty Details so that you can create another new record.
New	Displays empty (except for default values) Details for creating a new record.
Update	Saves updates to the record.
Delete	Deletes the current record.
Refresh	Refreshes any dynamic data displayed in the Details.
Close	For pop-up view only; closes the pop-up view of this record.
Tabs	This section identifies the tabs across the top of the OAuth Client Details that provide access to additional information about the OAuth Client.
Email Connections	Lists all Email Connections that reference this OAuth Client. Click the Details icon to view full email connection record.
Versions	Lists all versions of this OAuth Client. Click the Details icon to view full version record.

Creating an Email Connection

From the Email Connections tab, You can create a new Email Connection that references this OAuth Client by clicking the icon to display details for a new Email Connection record.