Client Settings

Client setting list

In the Admin Console, click the Clients -> Client Settings tab on the left, and you'll see the client table view on the right.

The client table contains the following fields:

  • Logo: The client's logo, loaded from the configured logo URL.

  • Client Name: The client name is a unique identifier assigned to a client application that interacts with an authentication server or identity provider. It is used during registration and configuration to identify and authenticate the client application when it requests access to protected resources.

  • Type: The selected client type (Client Side, Server Side, Server to Server, Mobile, or Desktop).

  • Client ID: The unique client ID generated when the client is created.

  • Owner: Shows 'Admin' when the MFA Config is false.

Enter a keyword in the search box above the client table and click the 'Search' button; the matching clients appear in the table. The search matches on Client Name.

Create Client

The Create Client button is in the top right corner; use it to create a new client.

To create a new client, fill in the following:

Client Details

Name: The name is shown on the default hosted page to tell the user which application they are registering for or logging in to.

Logo Url: The Logo URL will be displayed on the App Overview Page but is also used on the default hosted pages to customize your application.

Type: The type determines which further app settings you will see and can configure. There are several app types, explained below.

1. Client Side: Client-side client creation refers to creating a client application directly on the client side, typically within the frontend of a web application or a mobile app. This client application handles authentication requests, such as user login and registration, and obtains the necessary credentials (e.g., access tokens) from the authentication server.

2. Server Side: Server-side client creation refers to creating and managing client applications on the server side of an authentication system. Unlike client-side client creation, which takes place on the frontend of an application, server-side client creation registers and configures client applications on the backend with the authentication server.

3. Server to Server: Server-to-server client creation refers to creating and configuring client applications for communication between servers without direct user involvement. In this scenario, one server (acting as a client) communicates with another server (acting as a resource server or authentication provider) to access protected resources or perform operations on behalf of users.

Server-to-server client creation is commonly used in backend-to-backend communication, where a server needs to access resources or services from another server securely, without user interaction. This type of communication often involves using secure protocols like OAuth 2.0 and API keys for authentication and authorization.

4. Mobile: A mobile client application is a software application that runs on a mobile device (e.g., smartphones, tablets) and interacts with remote servers or APIs to request data, perform actions, and provide a user interface for mobile users.

5. Desktop: The desktop type is for client applications that run on desktop computers. Desktop clients are installed and executed on a user's computer to interact with remote servers, access data, and provide a user interface for performing various tasks.

Client Settings

Client Scopes: Scopes were introduced with OAuth2 as a clean technical way to protect software services by tagging them with scopes and to control the access of apps (clients), both company-owned apps and third-party apps.

Redirect Urls: This setting specifies the redirect URLs to which Skillmine Authenticator may deliver the code or token after successful authentication.

Allowed Logout Urls: The allowed logout URLs specify which URLs the user may be redirected to after a successful logout.

Token Expiry Time: Tokens, such as JSON Web Tokens (JWT), are commonly used for authentication in modern applications. The token expiry time, also known as the token's "lifetime" or "expiration time," specifies how long the token remains valid before it expires. After the token expires, it becomes invalid and cannot be used for further authentication or authorization.

Inactivity Time: Inactivity time, also known as idle time or session timeout, refers to the period of user inactivity within an application or system. It is the duration during which a user does not interact with the application by clicking, typing, or performing any other activity. Inactivity time is a crucial concept in user session management and security, and it is used to define how long a user's session should remain active before it is automatically terminated.

Allow All Origins: "Allow All Origins" is a configuration setting used in web applications to enable Cross-Origin Resource Sharing (CORS) from any origin. CORS is a security feature implemented in web browsers that controls how web pages or web applications can interact with resources from origins (domains, protocols, or ports) other than the one that served the web page.

Company Details

Company Name: The company name is used only internally.

Policy Url: If provided, the privacy policy URL is shown at the bottom of the default hosted pages or profile page to meet regulatory requirements.

Terms Url: A "Terms URL" (Uniform Resource Locator) refers to the web address or URL that provides access to the terms and conditions of a website or an application.

After filling in the mandatory fields, click the Save button to create the client.

Once the client is created, edit it to view the Client ID and Client Secret.

Client ID: The client ID is generated during client creation. It is the unique identifier used across several authentication flows.

Client Secret: The client secret is generated during client creation. It is used, for example, in the client credentials flow and must be kept secret. You may therefore also want to look into client secret rotation.

Edit Client:

  • To edit the client details, click the Actions icon on the Client Settings list page.

  • Clicking this edit button opens a form where the client settings can be changed.

  • Screenshot: unable to add.

Below are client details which can be edited:

Client Details

Name: The name is shown on the default hosted page to tell the user which application they are registering for or logging in to.

Logo Url: The Logo URL will be displayed on the App Overview Page but is also used on the default hosted pages to customize your application.

Type: This field is not editable.

Client Settings

Client Scopes: Scopes were introduced with OAuth2 as a clean technical way to protect software services by tagging them with scopes and to control the access of apps (clients), both company-owned apps and third-party apps.

Redirect Urls: This setting specifies the redirect URLs to which Skillmine Authenticator may deliver the code or token after successful authentication.

Allowed Logout Urls: The allowed logout URLs specify which URLs the user may be redirected to after a successful logout.

Token Expiry Time: Tokens, such as JSON Web Tokens (JWT), are commonly used for authentication in modern applications. The token expiry time, also known as the token's "lifetime" or "expiration time," specifies how long the token remains valid before it expires. After the token expires, it becomes invalid and cannot be used for further authentication or authorization.

Inactivity Time: Inactivity time, also known as idle time or session timeout, refers to the period of user inactivity within an application or system. It is the duration during which a user does not interact with the application by clicking, typing, or performing any other activity. Inactivity time is a crucial concept in user session management and security, and it is used to define how long a user's session should remain active before it is automatically terminated.

Allow All Origins: "Allow All Origins" is a configuration setting used in web applications to enable Cross-Origin Resource Sharing (CORS) from any origin. CORS is a security feature implemented in web browsers that controls how web pages or web applications can interact with resources from origins (domains, protocols, or ports) other than the one that served the web page.
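The Redirect Urls, Allowed Logout Urls, Token Expiry Time, Inactivity Time and Allow All Origins settings (listed here and in the Create Client section) describe checks the authenticator applies at runtime. The following Python is an added example, not Skillmine Authenticator's own code, showing one way those checks behave against a constructed client record; the allowed_origins list and the function names are assumptions.

```python
# Constructed sample client, mirroring the Client Settings fields on this page.
# "allowed_origins" is an assumed companion list for the non-wildcard CORS case.
CLIENT = {
    "redirect_urls": ["https://app.example.com/callback"],
    "allowed_logout_urls": ["https://app.example.com/"],
    "token_expiry_seconds": 3600,
    "inactivity_seconds": 900,
    "allow_all_origins": False,
    "allowed_origins": ["https://app.example.com"],
}


def url_allowed(requested: str, registered: list) -> bool:
    """Exact string match against the registered list.

    Prefix, substring or wildcard matching would let a look-alike host or an
    extra path segment pass, so the whole string is compared. Used for both
    Redirect Urls and Allowed Logout Urls.
    """
    return requested in registered


def session_state(issued_at: int, last_activity: int, now: int,
                  token_expiry_seconds: int, inactivity_seconds: int) -> str:
    """Apply Token Expiry Time and Inactivity Time to one session.

    Times are Unix seconds. Token expiry counts from issue time and is not
    extended by activity; the inactivity window slides with each interaction.
    """
    if now >= issued_at + token_expiry_seconds:
        return "expired"
    if now >= last_activity + inactivity_seconds:
        return "idle_timeout"
    return "active"


def cors_allow_origin(origin: str, allow_all_origins: bool, allowed_origins: list):
    """Value for the Access-Control-Allow-Origin response header, or None.

    Allow All Origins answers "*" to every site: browsers then refuse to send
    credentials (cookies, Authorization) with such requests, and any site can
    read the unauthenticated responses. The explicit list echoes only known
    origins, which is what a production client should use.
    """
    if allow_all_origins:
        return "*"
    return origin if origin in allowed_origins else None
```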

Company Details

Company Name: The company name is used only internally.

Policy Url: If provided, the privacy policy URL is shown at the bottom of the default hosted pages or profile page to meet regulatory requirements.

Terms Url: A "Terms URL" (Uniform Resource Locator) refers to the web address or URL that provides access to the terms and conditions of a website or an application.

Advanced Settings:

The Edit Client settings page has an Advanced Settings button; clicking it opens the advanced settings page.

On the Advanced Settings page, the user can select an enterprise provider, for example SAML settings. Selecting SAML Settings opens the SAML Settings page.

Unable to add the screenshot for the SAML settings page as it's too big.

In the SAML Settings, a toggle button enables or disables the SAML IdP provider.

Once the toggle is set to Enable, the following fields become available to configure the SAML IdP provider:

1) SAML Meta Data URL: A URL where the SAML configuration (such as endpoints and certificates) is hosted, allowing automatic setup for the Service Provider (SP) and Identity Provider (IdP).

2) Certificates: Certificates are used to secure and verify SAML communications, ensuring the integrity and confidentiality of authentication data.

  • SAML Certificates: Public certificate used by the Identity Provider (IdP) to sign SAML assertions, allowing the Service Provider (SP) to verify their authenticity.

  • Signing SHA256 Certificate: Used to sign SAML assertions with the SHA-256 hashing algorithm for added security.

  • Encryption Certificate: Public certificate used by the IdP to encrypt sensitive data in the SAML response, which is then decrypted by the SP.

  • SHA256 Certificate: Like the signing certificate, it’s used for secure hashing and encryption in SAML transactions.

3) SP Metadata: A file or URL that contains the configuration details of the Service Provider (SP), such as its endpoints, supported bindings, and certificates, allowing the Identity Provider (IdP) to interact securely with the SP.

4) IdP Initiated Login URL: A URL provided by the Identity Provider (IdP) that allows users to initiate the login process directly from the IdP. When accessed, it redirects the user to the Service Provider (SP) with the necessary authentication information, enabling single sign-on (SSO) without starting at the SP's login page.

Delete Client:

  • Users can delete clients in the system. Deleting a client permanently removes all of its content and settings.

  • It's a big decision because once a client is deleted, it can't be brought back.

  • So, it's important to think carefully before deleting a client.
