Using an mTLS Certificate with OAuth 2.0 Authentication
Overview
mLTS (Mutual Transport Layer Security) certificates add an extra layer of security on top of other integrations. You can link mTLS certificates to most service authentication types available on the Services Administration page. To add certificates to your environment, though, you'll use Certificate Management.
NOTE Some authentication types don't support using mTLS certificates. These include: Canada Post, Decryption (GPG), Encryption (GPG), FTP, Google Places, HMAC, Plaid, SFTP, and Twilio.
From Certificate Management, you can easily add, view, and manage mTLS certificates in your environment. After adding a certificate to your environment, you have a few options for how and where to link services to the certificate. In this article, you'll see how to link a certificate to a service when adding the service in Services Administration.
TIP These instructions assume you already added the certificate to your environment's Certificate Management page. To learn how, search for the Certificate Management article in our In-Product Help.
What You'll Learn
In this article you'll learn how to:
-
Add an OAuth 2.0 authentication service to Services Administration.
-
Add an mTLS certificate to your OAuth 2.0 authentication service.
Adding an OAuth 2.0 Authentication Service to Services Administration
Let's start by setting up the OAuth 2.0 authentication service. Here, you'll use the OAuth2 Client Credentials Grant authentication type.
| 1. | Click the Settings drop-down at the top right of the Unqork Designer Platform. |
| 2. | Click Administration. |
| 3. | Under Integration, select Services Administration. |
| 4. | Enter a title for your service in the Service Title field. For example, OAuth2 + mTLS Certificate. |
| 5. | Enter a name for your service in the Service Name field. For example, OAuth2-mTLS-Certificate. |
TIP The Service Name is final once created. You can, though, update the Service Title later.
| 6. | Enter the service protocol in the Service Protocol + Host field. |
| 7. | Select OAuth2 Client Credentials Grant from the Type of Authentication drop-down. |
After selecting the Type of Authentication, prompts appear for more information. Different authentication types have different setup needs. For example, in the case of OAuth2 Client Credentials Grant, you'll see the following fields: Access Token URL, Client ID, Client Secret, and Scope.
| 8. | Enter the access token in the Access Token URL field. |
| 9. | Enter the client ID in the Client ID field. |
| 10. | Enter the client secret in the Client Secret field. |
| 11. | If required, enter the scope in the Scope field. This field is optional. |
Adding an mTLS Certificate to an Authentication Service
Next, you'll use the Enable Mutual TLS setting to link the mTLS certificate to your service. You can follow these steps to add an mTLS certificate to any service that supports it.
| 1. | Select the Enable Mutual TLS checkbox. |
| 2. | From the Certificates drop-down, select a certificate. |
| 3. | Click Add Service. |
