Configure certificate-based authentication using OAuth connection

Certificate-based authentication is a highly secure method that uses digital certificates to authenticate clients. It provides robust mutual authentication, which guarantees the identity of both the client and the server and eliminates the need for passwords.

You can enhance the security of your applications and services using a private key JWT. This is currently supported with Microsoft Entra as the provider.

Procedure

  1. Navigate to Manage > OAuth connections.
  2. Click Create connection.
    The Connection settings screen appears.
  3. Select Microsoft Entra as the Provider type.
    Note: The Callback URL is used in your enterprise application configuration settings to connect to the Control Room.
  4. Enter a unique Connection name to identify the connection.
  5. Optional: Enter a Description for the connection.
  6. Click Next.
    The Authentication details screen appears.
  7. Select a Grant type.
  8. Select the Client authentication method as Client Authentication Private Key JWT.
  9. Enter the Client ID that is provided by the provider for your account.
  10. Enter the Authorization URL used to obtain an authorization code for your account.
  11. Enter the Token URL used to exchange an authorization code for an access token.
  12. Optional: Enter Scope.
    This information is used as claims (information about the user) in an access token and forwarded to the resource server to limit access.
    Note: If you are adding more than one scope, separate the scopes with commas or spaces.
    Image displaying the OAuth authentication details page
  13. Click Next.
    The Test connection and save credentials screen appears.
  14. Optional: Select Save login credentials.
  15. Optional: Click Save changes and test connection.
  16. Click Next.
    The Invite roles screen appears.
  17. Select the roles that you want to invite to use this connection. Only invited roles can use the token in a bot, whether it is private, shared, or both.
    Image displaying the OAuth invite roles page
    Note: Only custom roles are displayed in the list of Available roles.
  18. Click Create connection.
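
The Client ID and Token URL entered above end up inside the signed client assertion that replaces a client secret. The following is an added example, not the Control Room's or Microsoft's code: it builds the unsigned part of such an assertion and checks the claims that most often cause a failed connection test. The claim layout follows RFC 7523 and Microsoft Entra's certificate credential format, which is assumed to be what this connection sends; the function names, the `max_lifetime` limit and all sample values are constructed for illustration.

```python
import base64, hashlib, json, time, uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def unsigned_assertion(client_id, token_url, cert_der, now=None, lifetime=300):
    """Build header.claims: the exact bytes the certificate's private key signs."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT",
              "x5t": b64url(hashlib.sha1(cert_der).digest())}  # SHA-1 cert thumbprint
    claims = {"iss": client_id, "sub": client_id, "aud": token_url,
              "jti": str(uuid.uuid4()), "nbf": now, "iat": now, "exp": now + lifetime}
    return ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))

def lint_assertion(jwt, client_id, token_url, cert_der, now=None, max_lifetime=600):
    """Return header/claim problems. The signature is NOT verified here."""
    now = int(time.time()) if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWS"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        alg, x5t = header.get("alg"), header.get("x5t")
        nbf, exp = int(claims["nbf"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["header/claims unreadable or nbf/exp missing"]
    problems = []
    if alg not in ("RS256", "PS256"):  # rejects "none" and HMAC algorithms
        problems.append("alg is not an RSA signature algorithm")
    if x5t != b64url(hashlib.sha1(cert_der).digest()):
        problems.append("x5t does not match the registered certificate")
    if not (claims.get("iss") == claims.get("sub") == client_id):
        problems.append("iss and sub must both equal the Client ID")
    if claims.get("aud") != token_url:
        problems.append("aud does not match the Token URL")
    if not claims.get("jti"):
        problems.append("jti missing (needed to detect replay)")
    if not nbf <= now < exp:
        problems.append("assertion is not valid at this time")
    if exp - nbf > max_lifetime:
        problems.append("lifetime exceeds max_lifetime")
    return problems

if __name__ == "__main__":
    cid = "00000000-0000-0000-0000-000000000001"  # constructed Client ID
    url = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/token"
    der = b"constructed bytes standing in for the certificate DER"
    token = unsigned_assertion(cid, url, der) + ".c2lnbmF0dXJl"  # placeholder signature
    print(lint_assertion(token, cid, url, der))
```

In a real exchange the third JWT segment is the RSA signature over the first two, and the result is posted to the Token URL as `client_assertion` with `client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer`.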