Resource Types

Microsoft Azure Active Directory is now Microsoft Entra ID

The Resource Types node exposes your existing Resource Types and their corresponding Resource Type Parameters (think of the Resource Type as a container for the parameters required to connect to a particular service). Resource Types are usually system-specific and there may be several default Resource Types already installed in your environment. If your installation does not already contain a Resource Type for the service you want to connect to, you will need to create a new Resource Type.

On the Resource Types screen you can add, edit or delete Resource Types and their corresponding parameters. (Note that Resource Type Parameters will only display after selecting a Resource Type, since parameters are specific to a Resource Type.) Each OAuth system may have unique parameters within the OAuth protocol, and each parameter used for requesting and responding needs to be defined.

Deleting or editing Resource Types and Resource Type Parameters might break services or applications that rely on those items. Do not delete or edit these items unless you understand the impact of doing so.

Resource Type Parameters

Although OAuth2 is an industry-standard authorization framework, each OAuth2 implementation can vary slightly in regard to the parameters used during the token flows. For this reason, OAuth resource configurations between services will also vary. The first step of this process is to discover what parameters and parameter values are used by the external OAuth resource for authorization, token and refresh requests.

For example, the Azure Active Directory OAuth2 implementation uses an encrypted 'client_id' parameter for Authorization requests, Token requests and Refresh requests. It also uses the following parameters: grant_type, api_version, scope, client_secret, resource, entity_id, response_type and redirect_uri. All of these properties make up the external OAuth resource configuration.

Each of the parameters used in the external OAuth resource needs to be defined as a Resource Type Parameter within the OAuth Resource Type. These definitions are used when communicating with the external OAuth URI.

Store Encrypted Value

Use the Store Encrypted Value option to encrypt sensitive information for OAuth resource type parameters such as a client_secret.

When you select this option, all values associated with this parameter are encrypted in the K2 database and masked (hidden) with dots in the user interface. When you type new values into the fields on the configuration screen, the values display in clear text; when you save the configuration, dots replace the values in all user interfaces. The encryption and masking of the values have no impact on using the OAuth resource. OAuth flows still use the unencrypted values as before. The option only affects how the values are stored in the database and how they are shown in user interfaces.

When the option is selected, it applies to the following values:

  • OAuth resource type parameter default values - Authorization, token, and refresh default values.
  • OAuth resource parameter values linked to the specific OAuth resource type parameter - Authorization, token, and refresh values.
  • OAuth resource parameter token replacement values linked to the specific OAuth resource type parameter.

  • Once you select the option and save the configuration, it cannot be reverted. This is to protect the sensitive information from any compromise. If you no longer want to store a particular parameter's value as encrypted, you must delete and recreate the parameter. This deletes the parameter from all linked resources, and you must re-enter the value for the new parameter.
  • When using the Store Encrypted Value option, note that the following values have a limit of 3950 characters when encrypted:
    • Authorization Default Value
    • Token Default Value
    • Refresh Default Value

See OAuth resources and the protection of sensitive information for information about how this feature affects your existing OAuth resource type parameters.
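
A check you could run over your own list of parameters, as an added example that is not part of the K2 documentation or product: it shows which default values each flow sends, how the masked display differs from the value the flow uses, and flags sensitive parameters saved without Store Encrypted Value. The inventory, its field names, the name hints and the way the 3950-character limit is counted are assumptions.

```python
# Added example: the inventory below is constructed and its field names are
# hypothetical; this is not K2's schema or export format.
MAX_ENCRYPTED_LEN = 3950               # limit the page gives for encrypted default values
SECRET_HINTS = ("secret", "password")  # assumption: names that suggest sensitive values
FLOWS = ("authorization", "token", "refresh")

PARAMS = [  # constructed sample values
    {"name": "client_id", "store_encrypted": True,
     "authorization": "sample-client-id", "token": "sample-client-id",
     "refresh": "sample-client-id"},
    {"name": "response_type", "store_encrypted": False,
     "authorization": "code", "token": "", "refresh": ""},
    {"name": "grant_type", "store_encrypted": False,
     "authorization": "", "token": "authorization_code", "refresh": "refresh_token"},
    {"name": "client_secret", "store_encrypted": False,  # deliberately left unprotected
     "authorization": "", "token": "sample-secret", "refresh": "sample-secret"},
]

def flow_values(params, flow, masked=False):
    """Values sent in one flow; masked=True mimics what a user interface shows."""
    out = {}
    for p in params:
        value = p[flow]
        if value:
            hide = masked and p["store_encrypted"]
            out[p["name"]] = "\u2022" * 8 if hide else value
    return out

def audit(params):
    """Return (parameter, flow, issue) findings for the inventory."""
    findings = []
    for p in params:
        sensitive = any(h in p["name"].lower() for h in SECRET_HINTS)
        for flow in FLOWS:
            value = p[flow]
            if not value:
                continue
            if sensitive and not p["store_encrypted"]:
                findings.append((p["name"], flow, "sensitive value stored unencrypted"))
            # Assumption: the limit is counted on the value as entered.
            if p["store_encrypted"] and len(value) > MAX_ENCRYPTED_LEN:
                findings.append((p["name"], flow, "default value exceeds 3950 characters"))
    return findings

if __name__ == "__main__":
    print(flow_values(PARAMS, "token", masked=True))
    for finding in audit(PARAMS):
        print(finding)
```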