TechnologyOne ECM - OAuth Authentication

OAuth is the recommend authentication method for CiAnywhere sites where SAML is configured. This method requires an OAuth IdP Client to be configured in ECM → Site Settings → Authentication. Please contact TechnologyOne for further details on how to do this.

OAuth Connection Settings

Name	Description
Grant Type	`Authorization Code` - users will be prompted to sign into TechnologyOne in the web browser and all API operations are invoked on-behalf of that user. If using a SAML provider such as Azure AD this will navigate the user to the respective provider to complete the sign-in process. This option is recommended for EzeScan Desktop usage. `Client Credentials` - the application is authenticated as a service account without displaying a login page. This option is recommended for EzeScan Server usage where no user interaction is possible.
Client ID	The Client ID of the OAuth IdP Client configured in CiAnywhere.
Client Secret	The Client Secret of the OAuth IdP Client configured in CiAnywhere.
Redirect URL	Required only when using the `Authorization Code` grant type. The Redirect URI specifies the endpoint that users are returned to in EzeScan after completing the sign‑in process with the OAuth identity provider. For EzeScan Desktop use http://localhost:5000/auth/callback For EzeScan Server use http://localhost:32392/api/integrations/oAuthCallback where localhost:32392 is the public address and port This Redirect URI must be registered in the OAuth IdP Client configuration in CiAnywhere. If it is not registered exactly as specified, the OAuth sign‑in process will fail.