How to limit access for External Applications in Automation Cloud

Hello,

As the current way of authenticating is going to be deprecated I started to look at OAuth2. I noticed that the documentation for Cloud and On-Prem is different.

According to the documentation found here there is an option to chose which tenant the External application should have access to:

But in Automation Cloud (documentation here)this option doesn’t exist. Will it be implemented or how are we supposed to limit the access? I don’t want one application to be able to add queue items both to “Tenant X” and “Tenant Z”. And if we go for user-scope instead of application-scope there is a need for interaction, if I understood it correctly.

Hello @Obsev!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly
Forum_Staff

Hello,

Has anyone similar issues? Is it some other way to limit access for a specific tenant, folder etc. while using OAuth2 and application scope for External applications?

Hello, I’m facing a similar issue with wanting to limit access to a certain tenant for an external application. Were you able to find a solution for this?

Thanks,
Alexandra

Hello @Alexandra_C UiPath have added the functionality(at least in Cloud):

Create the external app as usual. Then it works the same way as when you give users permission to folders:


in this dropdown you will find the external app you’ve created :slight_smile:

Hi @Obsev – this was the path I started going down, however my external app seems to be able to access any tenant regardless if I add the external app to a folder in the tenant. The ext app is adding transactions to a queue in a non-prod tenant folder, and I wanted to ensure it cannot add to any queues in a prod tenant folder (will create a separate ext app for prod). Did you have to grant only read permissions for the external app scope, and then grant more specific edit/create permissions at the tenant level?

Thanks for your insight on this.