Administrators can integrate Identity as a Service user administration into their application by using the Identity as a Service Administrator REST APIs. This API allows you to seamlessly perform administrative actions on Identity as a Service users and authenticators without logging in to the Identity as a Service administrator portal. Identity as a Service provides a JSON file that contains the credentials needed for the API integration to authenticate to Identity as a Service.
See the Identity as a Service Administration API Guide for more information.
Add Administration API to Identity as a Service
1. Click > Security > Applications. The Applications page appears.
2. Click Add. The Select an Application Template page appears.
3. Scroll to Identity as a Service Integrations and click Administration API. The Add Administration API page appears.
4. In the Application Name field, type a name for your application.
5. In the Application Description field, type a description for your application.
6. Optional. Add a custom application logo as follows:
a. Click next to Application Logo. The Upload Logo dialog box appears.
b. Click to select an image file to upload.
c. Browse to select your file and click Open. The Upload Logo dialog box displays your selected image.
d. If required, resize your image.
e. Click OK.
7. Click Next. The General Settings page appears.
The Application ID is generated automatically. You do not need to enter a value for this field.
8. From the Select Role drop-down list, select the role you want to assign to the API application. The role defines the operations that can be performed using this API application. You can select one of the Identity as a Service system-defined roles or a custom role. You cannot select No Role Assigned.
System-defined roles include:
● Auditor: This role grants view-only access to users, authenticators, roles, and tokens on the integrated Identity as a Service account.
● Help Desk Administrators: This role allows you to add or remove users and their authenticators.
● SIEM Add-on: This role provides full access to all SIEM management functions in view-only mode.
● Super Administrator: This role allows you to add or remove users and their authenticators, and query your Identity as a Service account roles.
● SCIM Provisioning: This role allows the SCIM provisioning application to perform resource provisioning using SCIM protocols.
● On-boarding Administrator: This role allows a user assigned this role to manage Tenant accounts. Only Service Provider super account managers can select this role. If you are not a Service Provider super account manager, this option is not visible.
● AD Connector: This role allows the AD Connector application to perform AD Connector directory synchronization.
9. If required, from the Select IP List drop-down list, select the IP List to restrict user access only to IP addresses included in the IP List. The default is None to allow access for all IP addresses.
10. Select Allow this application to use a long-lived token for authentication. This generates a long-lived token (one that does not expire) for API requests.
11. Click Submit. The Complete page appears. This page contains the parameters that your application must pass to the Administrator API.
12. Do one of the following:
● Click Copy to Clipboard to copy the applicationId, hostname and sharedSecret. You need these values to set up your Administration API.
● Click Credentials to download a JSON file that contains the API credentials for this application.
13. Click Done.
You have successfully configured the Administrator API application on Identity as a Service.
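The credentials JSON file downloaded in step 12 holds a shared secret, so the integrating application should check the file before using it. The following is an added example, not code from the Identity as a Service documentation. It assumes a POSIX host, that the file uses the key names applicationId, hostname and sharedSecret shown on the Complete page, and that hostname is a bare DNS name. The function and class names are hypothetical.

```python
import json
import os
import re
import stat

# Key names as listed on the Complete page (assumed to match the JSON file).
REQUIRED_KEYS = ("applicationId", "hostname", "sharedSecret")
# Bare DNS name only: no scheme, port, path or userinfo (assumption).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


class CredentialFileError(Exception):
    """Raised when the credentials file is unsafe or malformed."""


def load_admin_api_credentials(path):
    """Load the downloaded credentials JSON, refusing unsafe files."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise CredentialFileError("not a regular file")
    # The shared secret is a standing credential: owner-only access.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialFileError("file is accessible to group/others; chmod 600")
    with open(path, encoding="utf-8") as fh:
        try:
            data = json.load(fh)
        except json.JSONDecodeError as exc:
            raise CredentialFileError(f"invalid JSON: {exc.msg}") from None
    if not isinstance(data, dict):
        raise CredentialFileError("expected a JSON object")
    missing = [k for k in REQUIRED_KEYS
               if not isinstance(data.get(k), str) or not data[k].strip()]
    if missing:
        raise CredentialFileError("missing or empty: " + ", ".join(missing))
    # Reject URLs or paths so the secret is only ever sent to the named host.
    if not HOSTNAME_RE.match(data["hostname"]):
        raise CredentialFileError("hostname must be a bare DNS name")
    return {k: data[k] for k in REQUIRED_KEYS}


def redacted(creds):
    """Return a copy that is safe to log: the shared secret is masked."""
    return {**creds, "sharedSecret": "***"}
```

Log only the output of `redacted()`, and keep the file outside version control and shared directories.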