Set group scopes for app using a service

Access to an application using a Web service requires user scope for the Web service.

Before you begin
This procedure is provided to give you a quick start, or overview, of configuring user access to applications that rely on Web services. For example, the Genero Identity Provider (GIP) comes with a share file application that allows registered GIP users to share files. The "SharedFileApp" uses the ShareFile Web service. For the purpose of this quick start you will configure user access to this application and Web service. In this task:
  • you test for access to the Genero SharedFile App using the application URL.
  • you set the required scopes for your user group to provide access.
  • you complete the task by testing again for access to the SharedFile App.
  1. Start the Genero SharedFile App
    The SharedFile App is located at http://host:port/gas/ua/r/admin/SharedFileApp.
    Tip: Select the Shared File Application link from the GAS demos page at http://host:port/gas/demos.html.
    At the login page enter the login details for the user ("UserA") you created in Create a user group.
    You get an access is denied message: 
    Access denied : some scopes are required
  2. Log in to the ConsoleApp as administrator.
  3. Select Groups > Manage groups.
  4. From the Group List page, select the group name you created previously in Create a user group.
  5. Double click (or click Modify) to open the Group page.
  6. Select the scopes to give to the group.

    Scopes are listed in the rows under the API, Scope, and Description headings. Your group needs to have these scopes to use the SharedFile App:

    1. Select shareFile
      This scope is required and provides user access to the SharedFile Web service.
    2. Select profile.
      This scope is required by the user to provide their profile information, making it visible to other users.
    3. Select profile.query.
      This scope is required by users sharing files with other users. It allows them to see a list of users and select users for file sharing.
    4. When finished click Save.
Test user access to the SharedFile App:

Repeat step 1 to check that the authorized user ("UserA") you created in Create a user group can access the Genero SharedFile App. See Share files using the Genero SharedFile App for details of how to share files.

What to do next

Having completed this quick start you have a basic configuration of GIP working, allowing registered users access to secured applications and services. There is more to learn. For example, learn how to define and manage scopes for a Web service. See Manage Web services and Manage Web service access scopes. For examples, see Genero Identity Provider scenario.

Explore the Managing GIP components section for details of what to do when managing users, groups, service-to-service apps, etc., or see the GIP components overview topic.

There are different ways to deploy and secure apps, including using scripts that also need to be registered on the GIP. See the topics in the Deploying and securing applications and Web services section.