Skip to content

Client Applications

The Administration > Client Applications page allows the administrator of the system to configure authentication and authorization using Login Accounts for adapter hub services or other related applications.

  • Client applications are configured with the Implicit Grant Type used primarily for single-page applications (SPAs).
  • This explains the flow used for getting access tokens used for accessing the Client Application.
  • If a login is linked to an external domain account then it will be listed in the Linked Domain Account column and any credentials previously stored in the local database will be treated as invalid
  • Login Accounts can be configured for Multi-Factor Authentication (MFA) using a time-based, one-time password authenticator app. If enabled, you can reset the MFA for logins from the list on this page.

Add or Edit Client Applications

Client Applications can be created and modified using the Administration > Client Applications page.

Each application must have:

  • A unique clientId
  • A display name, used to display the client application and its roles in Login Accounts
  • One or more locations, where authentication details are returned after logging in to this client
  • The locations will be URL(s) specific to this client's host, and should be secure (HTTPS)

The application may also assign:

  • The accessTokenLifetimeSeconds, which configure how long access tokens issued for this client should be valid
  • One or more logoutLocations, which can be used to return to the client application after signing out
  • The logoutLocations will also be URL(s) specific to this client's host, and should be secure (HTTPS)
  • One or more scopes, which specify what information should be accessible by this application
  • The common "openid", "profile", and "email" scopes may be specified to return information about the Login Account, and other scopes may be added for specific access to the Client Application
  • One or more roles may be configured to assign role information to Login Accounts

Roles and Scopes are returned in the access token issued to this client application so that the application can control authorization to its resources.

When using a client application, you can import a JSON file containing a template for the application's settings. A simple example of a client application template:

  "clientId": "myClient",
  "name": "Client Application",
  "accessTokenLifetimeSeconds": 3600,
  "locations": [
  "logoutLocations": [
  "scopes": [
  "roles": [

Delete Client Applications

Removing a client application will prevent it from using UIP for authentication and authorization services. In order to remove the application, any logins with roles assigned for that application must be modified.