Use OAuth to access Process Intelligence

OAuth is an authorization protocol that allows granting one service (application) the right to access user resources on another service. The protocol eliminates the need to pass the application a username and password and allows a third-party application to gain limited access to an application or service, on behalf of a resource owner.

For interaction between the Recording Service and Process Intelligence components, it is recommended to register the Recording Service as a client on the Process Intelligence website.

Before you begin, ensure you have administrator permissions assigned.

Overview

  1. Register the Recording Service as a client on the Process Intelligence website and obtain credentials.

    For more information, see Register a new OAuth client on the Process Intelligence website.

  2. On the Recording Service website, specify the connection details to Process Intelligence using the credentials you obtained at step 1.

    For more information, see Configure authentication settings in the Recording Service.

Register a new OAuth client on the Process Intelligence website

  1. Log into the Process Intelligence website using the credentials specified during installation.
  2. Navigate to Account Settings > OAuth tab and click Register client.
  3. On the registration page, complete the following fields:

    1. App name – Enter a unique name that identifies the application that you require OAuth access for. For example, RecordingService.

    2. App URL – Enter the URL that hosts the Recording Service. For example, https://recorder.myCompany.com

    3. Redirect URI– Enter the callback URL that the authorization server redirects to. Enter the full URL of the clients requesting access to the resource, appended by /api/auth/callback. For example, https://recorder.myCompany.com/api/auth/callback

    4. Client logo – This is optional. You can upload an image to use as the application logo.
    5. Confidential client – Select Confidential clients as the Recording Service is able to securely authenticate with the authorization server.
    6. Scopes – Select Read projects and Write projects scope values to request access to submit data from the Recording Service to Process Intelligence.

  4. Click Register new client.

    The Client ID and Client Secret details are auto-generated.

  5. Copy the Client ID and Client Secret fields for use on the Recording Service.

Configure authentication settings in the Recording Service

  1. Log into the Recording Service website you installed during Recording Service installation.
  2. Navigate to Settings and complete the following fields:
    1. Process Intelligence URL – Enter the URL of the Process Intelligence website.
    2. Client ID and Client Secret – Enter the Client ID and Client Secret you obtained after registering the client above.

  3. Click Save connection and wait for the notification to appear.

    If the connection is successful, it displays Save. Otherwise, the following error displays: 'The server is unreachable, please notify the administrators and try again later'.
    If the connection fails:

    1. Check the connection settings you specified above.

    2. Ensure the Process Intelligence website is available.

    3. Ensure the firewall settings. For more information, see Network connection settings.

    4. Make sure the ports specified during the Recording Service installation are not being used by other applications. For more information, see Check TCP/IP port availability.