Skip to content

Authorization Profile

The Agent Platform enables secure and efficient authentication when integrating with external web services. By configuring an Authorization (Auth) Profile, users can manage access control while ensuring data protection and regulatory compliance. Whether connecting to an external/commercial model using a custom API or setting up a tool integration via the AI or API node, the platform provides a structured framework for managing authentication flows, simplifying security configurations, enhancing access control, and ensuring seamless identity verification across different services.

Managing Auth profiles on the Agent Platform allows developers to:

  • Define Rules, including authentication methods and requirements, such as passwords, additional fields, and custom authorization fields.
  • Secure Access to authorized users or systems only.
  • Reuse profiles across multiple endpoints or applications for consistency and efficiency.
  • Test and validate the connection to ensure user identity information and authentication tokens are securely passed to external services.

Access Authorization Profile

To access the feature, follow the steps below:

  1. Sign in to your Agent Platform account.
  2. Navigate to the Settings console.
  3. Click Security & Control > Authorization profile on the left navigation menu. auth profile access

Supported Auth Models

You can enable a single auth profile or create custom profiles tailored for accessing third-party web services. These profiles support the following authorization types:

OAuth V2

OAuth 2.0 (OAuth2) is a standard authorization framework that enables applications to obtain limited, secure, and token-based access to a user’s account on an HTTP service, such as Google, Facebook, or GitHub, without exposing the user's credentials. It supports multiple grant types, uses scopes for permissions, and enables long-term access with refresh tokens, making it ideal for API authentication.

Key Features

  • Secure, Token-Based Authorization – Grants access without sharing user credentials, using short-lived access tokens.

  • Multiple Authorization Flows – Supports different grant types (e.g., Authorization Code, Client Credentials) for various use cases.

  • Scope-Based Access Control – Users can grant apps limited permissions (e.g., read-only access).

  • Refresh Token Support – Enables seamless re-authentication without requiring user login.

  • Third-Party & Scalable Integration – Widely adopted for API authentication, allowing secure third-party access (e.g., "Sign in with Google").

Add Authorization Profile

To add a new Auth profile, you must first set up the required auth fields with the steps below:

  1. Navigate to the Authorization Profile feature.
  2. Click Create Authorization Profile if this is your first auth profile. create auth profile

Otherwise, click Add new auth. add new auth profile

  1. In the New Authorization Mechanism dialog, select oauth v2 for Authorization Type. select oauth v2
  2. In the Identity Provider Name field, enter a name for the authorization type, which is mandatory. identity provider
  3. Provide the values for the mandatory OAuth2 authorization fields. For details, refer to the Define Authorization Fields section. If the mandatory fields are left blank, validation error messages appear, as shown below. validation errors
  4. (Optional) Click + Add Additional Field to add additional fields for authentication. See the Add Additional Field section.

Note

If the default Username and Password fields do not meet your authorization requirements, you can add custom fields using additional fields or authorization IDP form fields to the authentication process. For example, if a PIN code is required in addition to the standard login fields, you can include it as an extra input for the end user.

  1. (Optional) Click + Add Authorization Field to add additional auth fields to your profile. For more information, see the Add Authorization Field section.
  2. Click Save new Auth.
    3. save new auth

A success message is displayed, and the new auth profile is added to the Authorization Profile page.

success message

Define Authorization Fields

To configure the OAuth2 profile, define the fields described in the table below:

Note

Except for Scope, Description, Refresh Token URL, Additional fields, Authorization fields, and Auth Error Status Code, all the fields are mandatory.

FIELD NAME DESCRIPTION MANDATE
Authorization Type Select an option from the dropdown. OAuth2 is currently supported. Required
Identity Provider Name The name of the identity provider or service, for example, Okta. Required
Description Enter a description for your auth profile. Optional
Callback URL The endpoint in an OAuth 2.0 flow where the authorization server redirects the user after they grant or deny permission. It is used to return the authorization code or access token to the client application. The default URL is provided in the form. Required
Client ID A unique identifier assigned that helps the authorization server recognize the application making authentication or API access requests. It helps in the following:
  • Used in OAuth flows to obtain access tokens
  • Helps in tracking and logging API requests
  • Ensures security by linking requests to a registered client.
 Required
Client Secret A confidential key assigned to an application to authenticate its identity when requesting access tokens from the authorization server, ensuring secure and authorized API access. Required
Authorization URL The endpoint where users are redirected to authenticate and grant permissions to an application before it can access protected resources on their behalf. Example: https://auth.networks.com/oauth/authorize Required
Subdomain(aka tenancy URL) A unique URL assigned to a specific tenant (organization, customer, or user group) within a multi-tenant system. It is used to differentiate and isolate data, authentication, and access for each tenant. You must select one of the following options based on your auth profile:
  • No, this tool and all of its tasks do not have tenancy URLs.
  • Yes, some tasks will have tenancy URLs and the user will need to provide that to successfully authenticate.
 Required
Token request URL The endpoint where a client application exchanges an authorization code or refresh token for an access token. This token allows the client to authenticate API requests on behalf of the user. Required
Scope Defines the level of access that a client application is requesting from the resource owner (user). It specifies what actions the application is allowed to perform and what resources it can access. Example: read_profile. Optional
Additional Fields Refer here. Optional
Authorization Fields Refer here. Optional
Refresh token URL The endpoint where a client application sends a request to obtain a new access token using a refresh token (whenever the access token expires). Example: https://auth.networks.com/oauth/access

Note: When the Refresh Token URL or refresh token expires, the following happens:

  • The auth profile starts failing everywhere it is used.
  • The user will receive an email to reconfigure a new URL or refresh token to ensure continuous and uninterrupted service.

 Optional
Auth Error Status Code When authentication or authorization fails in OAuth 2.0, the server returns an HTTP status code along with an error message to indicate the issue. Optional

Add Additional Field

These fields are used to collect additional authentication details from end users and allow you to incorporate extra security measures, such as a PIN code, device ID, or other authentication factors, alongside the standard credentials. By customizing the authorization input fields, you can enhance security and align the authentication process with your specific business or compliance needs.

To add additional fields, follow the steps below:

  1. Click + Add Additional Field in the New Authorization Mechanism window and enter one or more key-value pairs.

    add additional field

  2. Add values for the following fields:

PARAMETER DESCRIPTION REQUIRED/OPTIONAL EXAMPLE
Field Key The name of the additional field. Required Pin code
Field Value The value for the additional field. Required 2344567
  1. Click Done.
    2. add additional field form

The new field is added to the additional fields list. You can edit or delete this custom field. new additional field

Add Authorization Field

Authorization fields are data fields used in API requests to verify the identity of a user, system, or application and determine their permissions to access resources. These fields ensure secure authentication and access control in APIs, particularly for token-based authentication in the Agent Platform.

To add auth fields, follow the steps below:

  1. Click + Add Authorization Field in the New Authorization Mechanism window and enter one or more key/value pairs. add new auth field

  2. Add values for the following fields:

PARAMETER DESCRIPTION REQUIRED/OPTIONAL
Field Type Defines how authentication data is sent and verified in an API request within the Agent Platform for token-based authentication. The supported types include:
  • Header: Used to send authentication credentials, such as API tokens.
  • Payload: Used in POST or PUT requests, sending credentials in the request body.
  • Query String: Credentials are passed in the URL.
  • Path Param: Credentials or tokens are included in the URL path.
 Required
Field Key The name of the auth field. Example: Profile_id. Required
Field Value The value of the auth field. Example: 123_xyz. Optional
  1. Click Done.

auth field form

The new field is added to the Authorization Fields list. You can edit or delete this custom field. new auth field

Authorization Profile Summary

Each authorization you add to your account is displayed in the Authorization Profile window with the following options:

  • Name: The name you provide to the Auth profile you create.
  • Authorization Type: The method/type set for the Auth Profile. Currently, only oauth v2 is available.
  • Test auth: Click the Test button corresponding to a configured profile to check if it establishes a connection with an external service based on the configured profile.
  • Status: Displays Configured or Not Configured based on the configuration status.

auth profile summary

Test the Auth Profile

The Test button is enabled when you provide all the fields in the New authorization mechanism window. To validate the connection using the configured mechanism, click Test.

A new window appears where the Agent Platform tries to establish a connection with the external service through the configured auth profile.

A successful connection is shown below:

successful connection

If the connection fails, edit the auth profile with the correct information and test the connection again.

Manage Auth Profile

You can either edit the configured values of an auth profile or delete it from the system.

Edit

  1. Click the Ellipses icon for an Auth profile on the Authorization Profile page.

  2. Click Edit. edit auth profile

  3. Modify the required fields in the Update authorization mechanism window.

  4. Click Update new auth. update new auth

Important

The Authorization Type and Name fields cannot be edited, but all authentication parameters can be modified.

A success message appears when the auth profile information is updated.

Delete

To delete an Auth profile, follow the steps below:

  1. Click the Ellipses icon and select Delete. delete auth profile

  2. Click Delete in the following window.

    confirm delete auth profile

A success message is displayed, and the profile is removed from the Authorization profile page.

Caution

Deleted profiles cannot be recovered. Proceed with caution.