Use OAuth to access Process Intelligence

OAuth is an authorization protocol that allows granting one service (application) the right to access user resources on another service. The protocol eliminates the need to pass the application a username and password and allows a third-party application to gain limited access to an application or service, on behalf of a resource owner.

For interaction between the Recording Service and Process Intelligence components, it is recommended to register the Recording Service as a client on the Process Intelligence website.

Before you begin, ensure you have administrator permissions assigned.

Overview

  1. Register the Recording Service as a client on the Process Intelligence website and obtain credentials.

    For more information, see Register a new OAuth client on the Process Intelligence website.

  2. On the Recording Service website, specify the connection details to Process Intelligence using the credentials you obtained at step 1.

    For more information, see Configure authentication settings in the Recording Service.

Register a new OAuth client on the Process Intelligence website

  1. Log into the Process Intelligence website using the credentials specified during installation.
  2. Navigate to Account Settings > OAuth tab and click Register client.
  3. On the registration page, complete the following fields:
    1. Name – Enter a unique name that identifies the application that you require OAuth access for. For example, RecordingService.

      The specified name is then presented to a user in the consent screen on the Recording Service website, make it clear to your users.

    2. App URL – Enter the URL that hosts the Recording Service. For example, https://recorder.myCompany.com

    3. Redirect URI– Enter the callback URL that the authorization server redirects to. Enter the full URL of the clients requesting access to the resource, appended by /api/auth/callback. For example, https://recorder.myCompany.com/api/auth/callback

      To get the correct App URL and Redirect URI for the Recording Service, open the Recording Service website in your browser and go to the Settings tab. There you will find the "Timeline Authentication Guide". Find the value you need, copy, and paste it into the appropriate field on the Register OAuth Client form on the Timeline website.

    4. Client logo – This is optional. You can upload an image to use as the application logo. The logo appears on the approval page when you receive a request to grant a client application access to a restricted resource on the instance.
    5. Confidential client – Select Confidential clients as the Recording Service is able to securely authenticate with the authorization server.
    6. Scopes – Select Read projects and Write projects scope values to request access to submit data from the Recording Service to Process Intelligence. An application can request one or more scopes, this information is then presented to a user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
  4. Click Register.

    The Client ID and Client Secret details are auto-generated.

  5. Copy the Client ID and Client Secret fields for use on the Recording Service.

Configure authentication settings in the Recording Service

  1. Log into the Recording Service website you installed during Recording Service installation.
  2. Navigate to Settings> Timeline authentication and complete the following fields:
    1. Process Intelligence URL – Enter the URL of the Process Intelligence website.
    2. Client ID and Client Secret – Enter the Client ID and Client Secret you obtained after registering the client above.
  3. Click Save connection and wait for the notification to appear.

    If the connection is successful, it displays Save. Otherwise, the following error displays: 'The server is unreachable, please notify the administrators and try again later'.
    If the connection fails:

    1. Check the connection settings you specified above.

    2. Ensure the Process Intelligence website is available.

    3. Ensure the firewall settings. For more information, see Network connection settings.

    4. Make sure the ports specified during the Recording Service installation are not being used by other applications. For more information, see Check TCP/IP port availability.