Set group scopes for app using a service

Access to an application using a Web service requires user scope for the Web service.

Before you begin
This procedure is provided to give you a quick start, or overview, of configuring user access to applications that rely on Web services. For example, the Genero Identity Provider (GIP) comes with a share file application that allows registered GIP users to share files. The "SharedFileApp" uses the ShareFile Web service.
Note: It is assumed that you opted to install the "Shared file demo" feature in your GIP installation. Otherwise, you will need to install it to complete this task.

For the purpose of this quick start you will configure user access to the SharedFileApp and ShareFile Web service. In this task:
  • you test for access to the SharedFile App using the application URL.
  • you set the required scopes for your user group to have access.
  • you complete the task by testing again for access to the SharedFile App.
  1. Start the SharedFile App.
    The SharedFile App is located at http[s]://host:port/[gas/]ua/r/admin/SharedFileApp.
    Tip: Select the Shared File Application link from the GAS demos page at http[s]://host:port/[gas/]/demos.html.

    At the login page enter the login details for the user you created in Create a user group and a user.
    You get an access denied message:
    Access denied : some scopes are required
  2. Log in to the Console App as administrator.
  3. Select Groups > Manage groups.
  4. From the Group List page, select the group name you created previously in Create a user group and a user.
  5. Double-click (or click Modify) to open the Group page.
  6. Select the scopes to give to the group.

    Scopes are listed in the rows under the Scope heading, which you can find by looking for "Profile" and "SharedFile" in the API column. Your group needs to have these scopes to use the SharedFile App:

    1. Select shareFile.
      This scope is required and provides user access to the SharedFile Web service.
    2. Select profile.
      This scope is required by the user to provide their profile information, making it visible to other users.
    3. Select profile.query.
      This scope is required by users sharing files with other users. It allows them to see a list of users and select users for file sharing.
    4. When finished, click Save.
Test user access to the SharedFile App:

Repeat step 1 to check that the authorized user you created in Create a user group and a user can access the Genero SharedFile App. See Share files using the SharedFile App for details of how to share files.

What to do next

Having completed this quick start you have a basic configuration of GIP working, allowing registered users access to secured applications and services. There is more to learn. For example, learn how to define and manage scopes for a Web service. See Manage Web services and Manage Web service access scopes. For examples, see Genero Identity Provider scenario.

Explore the Managing GIP components section for details of what to do when managing users, groups, service-to-service apps, etc.

There are different ways to deploy and secure apps, including using scripts. Scripts also need to be registered on the GIP. See the topics in the Deploying and securing applications and Web services section.