OAuth settings
Prerequisite: To configure the OAuth settings, you must have the OAUTH2ADM access code.
The OAuth settings page has three tabs:
- Clients: This tab is for internal KMD use only.
- Integrations: Here you can configure access to WorkZone by the third-party apps registered in your Entra tenant. By default, there are nine built-in integration accounts that you can configure for different third-party apps.
- Confidential clients: Here you can specify an existing WorkZone user that a third-party app can use as an integration user.
The Clients tab
The Integrations tab
Use the Integrations tab to configure access to WorkZone by the third-party apps registered in your Entra tenant. By default, there are nine built-in integration accounts that you can configure for different third-party apps.
Fields on the Integrations tab
| Field | Description |
|---|---|
| Account ID | Name of the integration account. This field is read-only. |
| Object ID | Object ID of Enterprise App registration in Azure |
| Department | Department to which this integration account belongs to. Note: Leave this field empty to apply the integration to your whole organization. |
| Allow impersonation | Enable to allow the integration account to act on behalf of other users |
| Security code |
The security code that applies to. Note: By default the security code is set to 0, meaning that the integration account is disabled.
|
| Departmental access* |
Enable to give the integration account full access to any items within the selected Authority. See Global and departmental access. *This field is only visible, if you have the STJERNADM access code.
|
| Global access* |
Enable to give the integration account full access to any items in the whole organization. See Global and departmental access. *This field is only visible, if you have the STJERNADM access code.
|
Set up a new third-party integration account
- In WorkZone Configurator, click Global > OAuth Settings > Integrations.
- On the OAuth settings page, hover the mouse over the integration account you want to edit, and click
in the menu. - In the [%account_name] - OAuth Integration settings form, fill in and edit the needed settings:
- Account ID: This field is read-only.
- Object ID: Enter the object ID of your Enterprise app registration in Azure.
- Security code: From the dropdown, select the security code.
- Department: Select a department from the dropdown, if this integration should only apply to a specific department within your organization.
- Allow to act on behalf of other users: Turn on to allow this account to act on behalf of other users.
- Departmental access: Turn on to give the integration account full access to any items within the selected Authority.
- Global access: Enable to give the integration account full access to any items in the whole organization.
- Click Save.
The Confidential clients tab
Use the Confidential clients tab to configure access to WorkZone by the third-party apps that are registered in your Entra tenant. On this tab, you can select an already existing WorkZone user account. This gives you the option to create and configure your own WorkZone user accounts in, for example, Active Directory or Entra ID, if you need more than the nine existing integration accounts.
Make an existing WorkZone account an integration user
- In WorkZone Configurator, click Global > OAuth Settings > Confidential clients.
- In the lower right corner, click
Create. - In the Create oAuth2ConfidentialClient dialog fill in the settings for:
- Client name (Optional): Name the new client, so you can easily identify it.
- Object ID: Enter the object ID of your Enterprise app registration in Azure.
- User: Select an existing WorkZone user account to allow the third-party app to act through.
- Click Create.