Create OAuth connection
- Updated: 2025/02/11
A Control Room administrator can create OAuth connections for users to use these connections in the authentication action for packages without having to enter any authentication details.
Note: The Salesforce mark and logo, the Microsoft SharePoint mark and logo, the Apigee mark and logo, ServiceNow mark and logo, and the Genesys mark and logo are trademarks or registered trademarks of Salesforce, Inc., Microsoft Corp., Google LLC, ServiceNow, Inc., and Genesys, respectively, and are used for identification purposes only.
Prerequisites
- Ensure that you are using a user role that has the Manage connections permission enabled for the OAuth Connections feature. See Feature permissions for a role.
- If you are adding more than one scope, ensure that you separate the scopes using
commas.
Example: api,refresh_token,offline_access
- Ensure that you have configured an enterprise application and made a note of the
Client ID, Client secret, Authorization URL, Token URL, and Scope. See Configure enterprise applicationsNote:
- Consider the above prerequisites to avoid a connection error.
- When configuring OAuth, the Scope field is optional. Consult with the identity provider (IDP) to determine the required scopes.
Table 1. Examples Enterprise applications Authorization URL Token URL Scope Apigee https://accounts.google.com/o/oauth2/auth?prompt=consent&access_type=offline https://accounts.google.com/o/oauth2/token https://www.googleapis.com/auth/cloud-platform Genesys https://login.<yourinstance>.pure.cloud/oauth/authorize https://login.<yourinstance>.pure.cloud/oauth/token Not required Google Workspace (Calendar, Drive, Sheets and Gmail) https://accounts.google.com/o/oauth2/auth?prompt=consent&access_type=offline https://oauth2.googleapis.com/token - Google Sheets: https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/spreadsheets
- Google Drive: https://www.googleapis.com/auth/drive
- Google Calendar: https://www.googleapis.com/auth/calendar
- Gmail :
https://developers.google.com/identity/protocols/oauth2/scopes#gmail
https://mail.google.com/,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/gmail.send
Jira https://auth.atlassian.com/authorize https://auth.atlassian.com/oauth/token offline_access write:jira-work,read:jira-user,manage:jira-webhook,read:jira-work Microsoft Entra https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token offline_access,openid,https://graph.microsoft.com/.default Microsoft 365 Outlook https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token Authorization code Flow: offline_access,openid,https://graph.microsoft.com/.default Salesforce https://<yourinstance>.salesforce.com/services/oauth2/authorize https://<yourinstance>.salesforce.com/services/oauth2/token api,refresh_token,offline_access Note: If no scopes are given in the connect command, the connection will use the scope assigned to the user by default.ServiceNow https://<yourinstance>.service-now.com/oauth_auth.do https://<yourinstance>.service-now.com/oauth_token.do Not required SharePoint https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token https://<domain-name>/AllSites.Manage,offline_access,openid Note: The OpenID scope is required only when your apps require the sub claim in the ID token to identify the end-user. Otherwise, this scope is optional.
Procedure
The following video shows how to create an OAuth connection: