In our organization, we are attempting to transition from using Basic Authentication to using OAuth for third party server-side applications as described here
We run an on-prem installation of Orchestrator 2021.4. As Basic Authentication will be removed in 2021.10, we are very interested in making the transition to OAuth sooner rather than later.
We have created and tested External Applications using both User Scope and Application Scope. It is my understanding that User Scope is intended for a live user as it requires human intervention to give consent during the authentication flow, so for our server-side applications we should use Application Scope. Is this assumption correct?
However, we cannot find any options for restricting access to specific Folders when using Application Scope. As with just about any other organization under the sun, ours has many different departments and we do not wish that an External Application used by department A has access to resources from department B.
Is it really true that the OAuth way of authenticating when using third party applications does not allow us to restrict access to certain folders on a per External Applcation basis? In my view, this is a major step back from Basic Authentication, where one was able to set fine-grained access on a specific User in Orchestrator.
Hopefully we are missing a key point?