Use AuthConfig App to enable OAuth2 services

As an Organization Administrator with access to the Licenses and Cloud Services portal, you use the AuthConfig App to manage the relationship between a set of Automation 360 Control Room instances and our OAuth2 (Open Authorization) services. OAuth2 services are used to interact with the Automation 360 Control Room by third-party applications. Currently, you can only use the PixieBrix extension to use the OAuth services to interact with the Control Room.

Note: The availability of this feature is based on your region.
For more details regarding licenses and the PixieBrix extension, click:

You use OpenID tokens to authenticate to the AuthConfig App.

Token overview

Automation Anywhere and the AuthConfig App support the following token types:

  • Control Room registration token: The AuthConfig App generates this token which you enter in the OAuth Settings panel of the Automation 360 Control Room. The Control Room registration token establishes the identity of your Control Room to the AuthConfig App. After you register and enable the token, the Control Room can consume access tokens to call APIs.
  • Access token: A JSON web token generated from an authorization provider after authenticating with an Identity Provider (IdP). Access tokens contain claims that provide information to a resource server. API calls use access tokens to enable an authorized client to gain access to data on the resource server.
  • Refresh token: Refresh tokens provide a method to get new access tokens without having to collect and authenticate credentials every time an access token expires.

The AuthConfig App generates Control Room registration tokens to enable OAuth2 services. The following diagram shows how a registration token flows between the AuthConfig App and the Automation 360 Control Room:

AuthConfig App registration token flow

  1. The Administrator uses the AuthConfig App to generate a registration token.
  2. The registration token is stored in the database.
  3. The Administrator enters the generated registration token into the OAuth Settings in the Automation 360 Control Room.
  4. The registration token is stored in the database.
  5. The registration token is then sent to the AuthConfig App where if the token matches the token stored in the database, the Control Room is registered.
Note: Authorization code flow with PKCE is currently supported.

Benefits

You use the AuthConfig App to:

  • Enable or disable OAuth2 services for an Automation 360 Control Room (On-Premises or Cloud).
  • Configure an Identity Provider (IdP) configuration using a SAML authentication connection for your organization to use with OAuth2 services.
  • Generate registration tokens for each Control Room to securely enable OAuth2 services.

For details about accessing automations in a web scenario with Automation Co-Pilot (extensions) and using a custom widget through Google Chrome extensions, click here.

Prerequisites

Before you use the AuthConfig App:

  • Create your Automation Anywhere community (Apeople) credential: A-People home page (login required).
  • From the Automation 360 Control Room:
    • To enable an IdP authenticated user to use an access token to call a Control Room API, you must also add the IdP authenticated user as a Control Room user.
    • To use access tokens, you must register and enable Control Room instances with OAuth2 services.

After you complete the prerequisites, you can access the AuthConfig App.