Create OAuth connection
- Updated: 2025/08/05
A Control Room administrator can create OAuth connections for users to use these connections in the authentication action for packages without having to enter any authentication details.
The Salesforce mark and logo, the Microsoft SharePoint mark and logo, the Apigee mark and logo, ServiceNow mark and logo, and the Genesys mark and logo are trademarks or registered trademarks of Salesforce, Inc., Microsoft Corp., Google LLC, ServiceNow, Inc., and Genesys, respectively, and are used for identification purposes only.
Prerequisites
- If the Control Room servers are behind a proxy and external connections have to go through the proxy, then configure forward proxy settings as detailed in Configure forward proxy settings.
- Ensure that you are using a user role that has the Manage connections permission enabled for the OAuth Connections feature. See Feature permissions for a role.
- If you are adding more than one scope, ensure that you separate the scopes using
commas.
Example: api,refresh_token,offline_access
- Ensure that you have configured an enterprise application and made a note of the
Client ID, Client secret, Authorization URL, Token URL, and Scope. See Configure enterprise applicationsNote:
- Consider the above prerequisites to avoid a connection error.
- Although the following table lists the applications that are certified, you can configure your enterprise applications using the Provider type as Custom. by selecting
Examples of key components of OAuth
Enterprise applications | Authorization URL | Token URL | Scope |
---|---|---|---|
Apigee | https://accounts.google.com/o/oauth2/auth?prompt=consent&access_type=offline | https://accounts.google.com/o/oauth2/token | https://www.googleapis.com/auth/cloud-platform |
Genesys | https://login.<yourinstance>.pure.cloud/oauth/authorize | https://login.<yourinstance>.pure.cloud/oauth/token | Not required |
Google Workspace (Calendar, Drive, Sheets and Gmail) | https://accounts.google.com/o/oauth2/auth?prompt=consent&access_type=offline | https://oauth2.googleapis.com/token |
|
Jira | https://auth.atlassian.com/authorize | https://auth.atlassian.com/oauth/token | offline_access write:jira-work,read:jira-user,manage:jira-webhook,read:jira-work |
Microsoft Entra | https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize | https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token | offline_access,openid,https://graph.microsoft.com/.default |
Microsoft 365 Outlook | https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize | https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token | Authorization code Flow: offline_access,openid,https://graph.microsoft.com/.default |
Salesforce | https://<yourinstance>.salesforce.com/services/oauth2/authorize | https://<yourinstance>.salesforce.com/services/oauth2/token | api,refresh_token,offline_access |
ServiceNow | https://<yourinstance>.service-now.com/oauth_auth.do | https://<yourinstance>.service-now.com/oauth_token.do | Not required |
SharePoint | https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize | https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token | https://<domain-name>/AllSites.Manage,offline_access,openid
Note: The OpenID
scope is required only when your apps require the sub
claim in the ID token to identify the end-user. Otherwise, this
scope is optional. |
Procedure
The following video shows how to create an OAuth connection: