Authorization


Some applications require explicit Admin authorization before they can be used with an enterprise. The steps an Admin needs to take depend on the authentication method the developer selected and on which enterprise settings are enabled.

Authentication methods

The following authentication methods always require explicit Admin authorization:

  • Server Authentication (with JWT)
  • Server Authentication (client credentials)

These authentication methods automatically generate a Service Account. With the right scopes enabled, a Service Account can perform many Admin actions, so these apps require Admin authorization before use.

OAuth 2.0 and App Token apps may also require explicit Admin authorization based on enabled enterprise settings.

Enterprise settings

Additional steps are required if any of the following enterprise settings are enabled:

  • Disable published apps by default
  • Disable unpublished apps by default
  • Require manual admin authorization for transactional access apps

These settings can be found by navigating to:

Admin Console > Apps > Custom Apps > click the ⚙ icon

Published apps are any applications that can be found in our App Gallery.

Required actions

To see what steps an Admin must complete for a given app, review the following scenarios.

Disable published apps by default:

| Authentication Method | Enabled | Disabled |
| --- | --- | --- |
| OAuth 2.0 | Set to available in individual app controls | Ready for use |
| Server Authentication (with JWT) | N/A | N/A |
| Server Authentication (client credentials) | N/A | N/A |
| App Token Authentication | N/A | N/A |

Disable unpublished apps by default:

| Authentication Method | Enabled | Disabled |
| --- | --- | --- |
| OAuth 2.0 | Add to allow list | Ready for use |
| Server Authentication (with JWT) | Authorize in Apps > Custom Apps and add to allow list | Authorize in Apps > Custom Apps |
| Server Authentication (client credentials) | Authorize in Apps > Custom Apps and add to allow list | Authorize in Apps > Custom Apps |
| App Token Authentication | Add to allow list | Ready for use |

Require manual admin authorization for transactional access apps:

| Authentication Method | Enabled | Disabled |
| --- | --- | --- |
| OAuth 2.0 | N/A | N/A |
| Server Authentication (with JWT) | N/A | N/A |
| Server Authentication (client credentials) | N/A | N/A |
| App Token Authentication | Authorize in Apps > Custom Apps | Automatically authorized upon creation |