Manage applications
Use the Console App to manage the access to the applications and service applications whose access is to be managed by the Genero Identity Provider (GIP) on the selected Genero Application Server.
Applications: apps and service apps
The Genero Identity Provider (GIP) can manage the access to:
- Genero applications that are run on behalf of a user (called apps in the Genero Console App interface)
- Genero applications that do not have to be run on behalf of a user (called service to service apps in the Genero Console App interface). This type of app often refers to a script that runs without user interaction, often on a timed schedule. One example of a service to service app would be a monitoring tool that runs at night; it could be a simple Genero script or a graphical tool. Another example could be a bash application with no user behind it.
How applications get in the list
Two methods can secure an application by the GIP:
Manage apps
Select
to view the list of apps and service to service apps managed by the Genero Identity Provider (GIP). Only those applications deployed by the logged-in user are shown; ensure you log in to the Console App as the user who deployed the apps.Select the row of the app you want to manage and click Modify.
Manage app info
You can update the information regarding the app or service to service app, to include the:
- Description
- Use this field to describe the app or service app.
- Client ID
- The Client ID is generated by the GIP.
- Secret ID
- The Secret ID is generated by the GIP.
- Redirect URLs
- The redirect URL (or URLs) is the URL of the OpenIDConnect service on the GAS where the app has been installed. It is the GAS URL + address of the OpenIDConnect service (provided by default in GWS, and called OpenIDConnectServiceProvider.xcf) + the entry point of the service (by default, "oauth2callback") where the IdP will redirect the user-agent to provide the OAuth2 ID token.
Manage scopes
You can also update the authorization, required and optional scopes (for applications) or scopes (for service to service applications).
For the managed app:
- The authorization scope identifies the scopes that will permit to access the app. If you need a new authorization scope that is not listed, create the authorization scope in the Console App using the Manage authorization scopes. menu. See
- The required scopes are those scopes required to use the application.
- The optional scopes are those scopes required by some parts of the application; however the application can still be run without the user having these scopes; it may not be fully functional.
For the managed service to service app, the scopes identify those scopes that the service application needs to run its scripts.