Managing Application Accounts

Introduced in 8.7.3

Application accounts, or just applications, provide a security context for third-party applications integrated with Alloy Navigator Express via the API. This article describes how to create and manage application accounts for external apps.

API access tokens obtained using application accounts grant external applications full unrestricted access to all Alloy Navigator Express objects and workflow actions, regardless of their availability limited by security roles.

Creating applications

To authenticate an external application against the API, it must provide valid credentials—an application ID and a secret. Those application credentials are issued by Alloy Navigator Express when you create an application account.

To create an application account:

  1. From the Sidebar, navigate to Accounts and Roles > Applications.and click New. The Application dialog box opens.

  2. Click New. The Application dialog box opens.

  3. In the Application Name field, enter an name of your third-party application. Alloy Navigator Express will use that name to personalize actions that the application will perform in Alloy Navigator Express via the API.

  4. Alloy Navigator Express generates the credentials: Application ID and Secret.

    • Application ID—this is an "application login," an identifier that the application uses when requesting an access token.

    • Secret—this is an "application password," a secret string that the application uses to prove its identity when requesting an access token.

    Copy and save the Application ID and the Secret in a secret place.

  5. Click OK to save your application.

Now you can use these application credentials to obtain an access token and allow the application to access Alloy Navigator Express. For details, see API User's Guide: Authenticating Applications.

Changing secrets

A secret must be known only to the external application and the authorization server. It protects your Alloy Navigator Express resources by granting access tokens only to authorized applications.

If an application secret is ever compromised, you should generate a new one, and update all authorized application instances with the new secret. Besides that, it is a good practice to change the application secret from time to time.

To generate a new secret:

  1. From the Sidebar, navigate to Accounts and Roles > Applications and double-click your application. The Application dialog box opens.

  2. Click Generate New Secret. Copy and save the new secret for later use.

  3. Click OK to save your changes.

Now you can update configuration of your external applications to use the new secret. For details, see API User's Guide: Authenticating Applications.

IMPORTANT: Generating a new secret makes all application instances to be unable to connect to Alloy Navigator Express until they are updated with the new secret.

Disabling or enabling applications

When you need to temporarily deny access to Alloy Navigator Express for an external application, you can disable its application account in Alloy Navigator Express. You can enable it when needed.

To disable or enable an application account:

  1. From the Sidebar, navigate to Accounts and Roles > Application.

  2. Right-click the application, and select Disable or Enable from the pop-up menu, correspondingly.

    Alternatively, you can double-click the application to bring up the Application dialog box, and click the Make Inactive or Make Active button there.