View Clients Information

Click [Edit] to view the information for the respective Client. Click the [Sessions] tab to view the active sessions for this client.

Client ID: The Client ID specified or the ID referenced in URI and tokens.

Name: The display name of the Client.

Description: Enter a description for the Client if necessary.

Enabled: Disabled Clients cannot initiate a login or have obtain access tokens. Keep the Client enabled if you would like Users to be able to login.

Consent Required: If enabled, Users have to consent to Client access.

Login Theme: Select theme for login, OTP, grant, registration, and forgot password pages.

Client Protocol: OpenID Connect allows the Clients to verify the identity of the User based on the authentication performed by the Authorization Server. This is not able to be configured.

Access Type: Confidential Clients require a secret to initiate login protocol. Public Clients do not require a secret. Bearer-Only Clients are web services that never initiate a login. This is not able to be configured.

Standard Flow Enabled: This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.

Implicit Flow Enabled: This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.

Direct Access Grants Enabled: This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with FactoryTalk Analytics Security server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.

Service Accounts Enabled: Allow you to authenticate this client to Factory Talk Analytics Security and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of ‘Client Credentials Grant’ for this client.

Authorization Enabled: Enable/Disable fine-grained authorization support for a client.

Root URL: Root URL appended to relative URLs.

Valid Redirect URIs: Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed i.e. 'http://example.com/*'. Relative path can be specified too i.e. /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.

Base URL: Default URL to use when the auth server needs to redirect or link back to the client.

Admin URL: URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.

Web Origins: Allowed CORS origins. To permit all origins of Valid Redirect URIs add '+'. To permit all origins add '*'.