1. Using Oracle Cloud Infrastructure Process Automation
  2. Workspace Administration
  3. Manage Credentials in Workspace
  4. Manage Global Credentials
  5. Add Global OAuth Credential (JWT Assertion)

Add Global OAuth Credential (JWT Assertion)

As a Process Automation Administrator, you can define a global OAuth credential of JWT assertion grant type in Workspace. In Designer, Process Automation Designers can find and use this credential while configuring connectors to interact with other applications and services.

  1. From the Workspace navigation pane, click and expand Administration, and then click Credentials.
    The Credentials page appears. If you're not on the Global credentials page, click the Global tab.
  2. On the top right of the Global Credentials page, click Create global credentials.
  3. From the drop-down list that displays, select OAuth Credentials.
    The Add a new OAuth credential dialog displays.
  4. In the Add a new OAuth credential dialog, enter the following details:
    To get the information you need to complete the fields, see:
    Field Information to Enter
    Grant Type Select JWT Assertion from the drop-down menu.
    Folder Name

    Specify the folder in which to store the credential. This single level folder structure enables you to organize credentials by grouping them in folders.

    • To save the credential in the default Common folder, leave Common selected.
    • To save the credential in a new folder, click the Create new link and enter a new folder name.

    You can’t change a global credential’s folder later.
    Credential Name

    Enter a name to identify the credential. You can’t change a global credential’s name later.
    Target URL

    Enter the base URL that the connector will access in connector calls.
    Username

    This is auto-populated with the username with which you logged into your Process Automation instance.

    This user name is needed only for validation for the JWT assertion credential. It's not part of the JWT credential itself and isn't stored in the Credential service.
    Client Id Enter the OAuth client ID that you obtained.
    Private Key Enter the base-64 encoded private key.
    Scope

    Specify the scope you defined while creating the confidential application.

    Scope sets limits on an application’s access to a user’s account. For example, use the scope parameter to enable the access token to grant different levels of access to Oracle IDCS APIs.
    OAuth Token URL Either select Local Identity Domain or enter the token URL from the OAuth provider. For example: https://idcs-aaaaaaaa.identity.aaaaaa.aaaa.com/oauth2/v1/token.
    x5t Specify the base64 encoded SHA-1 thumbprint of public certificate.
    Description Optionally, specify how the authentication will be used.
  5. Click Submit.
The global credential is listed under the Global tab. Process Automation Designers can now find and select the global credential when creating connectors that use the same base URL, as described in Use Global Credentials.