Managing Application Accounts

Introduced in 8.7.3

Application accounts, or just applications, provide a security context for third-party applications integrated with Alloy Navigator via the API. This article describes how to create and manage application accounts for external apps.

API access tokens obtained using application accounts grant external applications full unrestricted access to all Alloy Navigator objects and workflow actions, regardless of their availability limited by security roles.

Creating applications

To authenticate an external application against the API, it must provide valid credentials—an application ID and a secret. Those application credentials are issued by Alloy Navigator when you create an application account.

To create an application account:

  1. From the Sidebar, navigate to Users & Security > Accounts and Roles > Applications.and click New. The Application dialog box opens.

  2. Click New. The Application dialog box opens.

  3. In the Application Name field, enter an name of your third-party application. Alloy Navigator will use that name to personalize actions that the application will perform in Alloy Navigator via the API.

  4. Alloy Navigator generates the credentials: Application ID and Secret.

    • Application ID—this is an "application login," an identifier that the application uses when requesting an access token.

    • Secret—this is an "application password," a secret string that the application uses to prove its identity when requesting an access token.

    Copy and save the Application ID and the Secret in a secret place.

  5. Click OK to save your application.

Now you can use these application credentials to obtain an access token and allow the application to access Alloy Navigator. For details, see API User's Guide: Authenticating Applications.

Changing secrets

A secret must be known only to the external application and the authorization server. It protects your Alloy Navigator resources by granting access tokens only to authorized applications.

If an application secret is ever compromised, you should generate a new one, and update all authorized application instances with the new secret. Besides that, it is a good practice to change the application secret from time to time.

To generate a new secret:

  1. From the Sidebar, navigate to Users & Security > Accounts and Roles > Applications and double-click your application. The Application dialog box opens.

  2. Click Generate New Secret. Copy and save the new secret for later use.

  3. Click OK to save your changes.

Now you can update configuration of your external applications to use the new secret. For details, see API User's Guide: Authenticating Applications.

IMPORTANT: Generating a new secret makes all application instances to be unable to connect to Alloy Navigator until they are updated with the new secret.

Disabling or enabling applications

When you need to temporarily deny access to Alloy Navigator for an external application, you can disable its application account in Alloy Navigator. You can enable it when needed.

To disable or enable an application account:

  1. From the Sidebar, navigate to Users & Security > Accounts and Roles > Application.

  2. Right-click the application, and select Disable or Enable from the pop-up menu, correspondingly.

    Alternatively, you can double-click the application to bring up the Application dialog box, and click the Make Inactive or Make Active button there.