Set group authorization scopes

Authorization scopes allow users access to application protected by the GIP.

Authorization scopes are scopes to manage access to applications protected by the GIP. They are used to establish the user's identity and define the access level. For more information on authorization scopes, see Groups are not Authorization Scopes.

From the ConsoleApp, you can set authorization scopes for users by assigning scopes to the group.

  1. Log in to the ConsoleApp as administrator
    The Console App is located at http://host:port/gas/ua/r/admin/ConsoleApp.
    Tip: Select the Console application link from the GAS demos page at http://host:port/gas/demos.html page.
  2. Select Groups > Manage groups.
  3. From the Group List page, select the group name you created previously in Create a user group.
  4. Double click (or click Modify) to open the Group page.
  5. Select the scopes to give to the group.

    Select Role.User from the row under the API, Scope, and Description heading. By default, the openid scope is selected. When finished click Save.

    Note: Authorization scopes: openid, Role.User
    These are default authorization scopes:
    1. openid, is the scope required by the Openid API to support OpenID-Connect authentication and Single sign-on.
    2. Role.User, is a scope defining the access level for a standard user of the Genero Identity Platform required by the Authorization API.
    Your group needs to have at least these scopes. Later you will return to this page to select more scopes required for the applications and services users access.