In case of client credentials grant in the authorized access use case, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.
Impersonation is configured as a specific link between the application and the user.
NOTE that if there is an impersonation link between an application and impersonates a user the user cannot be which is deleted from the system until also the link has been removed.will be removed. A new user must be linked to the application to make client credentials grant authorized access use case functional again.
About SSO Management API in general, see Management API - SSO.
Manage impersonation from application side
...
Method | Example request | Example response | Description | ||
---|---|---|---|---|---|
GET |
| When there is a link to
| Get the user linked to the given application with an | ||
PUT |
|
| Create or update the link from application to the user. No action if the link between the given application and user already exists. If another user name is given an existing | ||
DELETE |
|
| Remove the link from application to the user. |
Manage impersonation from user side
Link name: impersonatedBy
A The same user may have one-to-many impersonatedBy
links to an applicationseveral applications.
Method | Example request | Example response | Description | ||
---|---|---|---|---|---|
GET |
| When there is a link to both
| Get the applications linked to the given user with an | ||
PUT |
|
| Create or update the link from user to an application. No action if a link between the given user and application already exists. If another application name is given an existing | ||
DELETE |
|
| Remove the link from user to the application. If there are many links you need to delete them one by one. |