ZTrust Documentation

Client Registration

Last updated 1 year ago

In Client Registration, within the Initial Access Tokens section, an initial access token can be utilized to generate new clients.

This token comes with customizable expiration settings and a limit on the number of clients that can be created.

When you click on Create, the following screen appears.

Expiration

This indicates the duration for which the Access Token should remain valid.

You can adjust the duration as needed using the arrow keys. Additionally, you can change the duration unit by selecting the preferred option from the dropdown menu.

Count

This specifies the maximum number of clients that can be created using the token.

By default, it is set to 1, but you can modify this value according to your needs.

Save

After making the adjustments, click on Save to confirm the changes.

Reset

If you do not want to apply the changes, click on Reset to discard the modifications.

Client Registration Policies allow for the enforcement of various configuration settings on clients during their creation or update.

Anonymous Access Policies

These policies are used when the Client Registration Service is invoked by unauthenticated requests, that is, requests that carry neither an Initial Access Token nor a Bearer Token.

Policy Name

It denotes the name assigned to the policy when it is created.

Provider ID

It refers to the ID of the provider you wish to set up for this specific policy.

Add Provider

If you wish to create any additional policies for client registration, simply click on Add Provider and choose your preferred option from the dropdown menu.

After selecting an option from the dropdown menu, you'll be directed to the screen below.

For example, in this scenario, the max-clients option is selected.

This configuration imposes a cap on the quantity of clients allowed to be added to a realm.

Once this policy is set up, registering new clients will be prohibited if the number of clients in a realm reaches the specified maximum limit.

Name

Here, Name indicates the policy's Display Name.

Provider

This is the option that you selected from the dropdown menu of Add Provider.

Max Clients Per Realm

This setting enables you to establish the Maximum number of clients allowed per realm.

You have the flexibility to define this according to your specific needs.

Save

Click on Save to implement these adjustments.

Upon saving this specific policy, it will be included in the list under Anonymous Access Policies.

Reset

Click on Reset to discard the changes.

Actions

This encompasses the available actions that can be taken regarding existing client policies, such as Edit or Delete.

Edit

If you want to modify any specific attribute within a Client Policy, simply click on Edit.

When you click on Edit for a specific Client Policy, the subsequent screen will appear.

For example, upon clicking Edit for the Max Clients Limit policy, the following screen will be displayed.

ID

This field cannot be edited.

It is generated automatically when you create a new Policy.

Name

This field is mandatory and can be modified.

It pertains to the Display Name of the specific Client Policy.

Provider

This refers to the name of the Provider selected during the creation of the Client Policy.

This field cannot be edited.

Max Clients Per Realm

You can modify this field.

It represents the maximum number of clients permitted to register with this realm.

If the number of clients reaches the configured limit, new client registrations will be prohibited.

You have the flexibility to adjust this according to your needs.

Save

Click on Save to implement these adjustments.

Reset

If you do not want to apply the changes you have made, click on Reset to discard the modifications.

Delete

If a policy is no longer needed, click on Delete to remove it.

The table below lists different providers and the services they offer.

| Provider Name | Description |
|---|---|
| allowed-client-templates | Lets you specify a whitelist of client scopes that will be permitted in the representation of registered or updated clients. |
| client-disabled | The newly registered client will be disabled and will require manual activation by the administrator. |
| scope | The newly registered client will not be allowed the full scope. |
| max-clients | New client registration will be prohibited if the number of existing clients in the realm equals the configured limit. |
| allowed-protocol-mappers | Lets you specify a whitelist of protocol mapper types that will be permitted in the representation of registered or updated clients. |
| trusted-hosts | Lets you specify the hosts from which users can register and the redirect URIs that clients can use in their configuration. |
| consent-required | The newly registered client will always have the ConsentRequired switch enabled. |

Authenticated Access Policies

This refers to the Policies used when the Client Registration Service is invoked by an authenticated request, which indicates that the request includes either an Initial Access Token or a Bearer Token.

Policy Name

It denotes the Name assigned to the Policy when it is created.

Provider ID

It refers to the ID of the Provider you wish to set up for this specific Policy.

Add Provider

If you wish to create any additional policies for Client Registration, click on Add Provider and select your preferred option from the dropdown menu.

After choosing your preferred Provider option from the Add Provider dropdown menu, you will be directed to the screen below.

For example, if you select the allowed-client-templates option, you will see the screen below.

This setting enables you to define a whitelist of client scopes that will be allowed for registered or updated clients.

Name

It refers to the Display Name of the Policy.

Provider

This refers to the name of the Provider that you selected from the dropdown menu of Add Provider.

Allowed Client Scopes

This section comprises the whitelist of Client Scopes allowed for use on a newly registered client.

If a client registration attempt includes client scopes which are not on the whitelist, it will be declined.

By default, the whitelist is either empty or consists solely of realm default client scopes, depending on the configuration of the Allow Default Scopes setting.

You can select the required options from the dropdown menu as per your requirements.

Allow Default Scopes

This toggle button controls whether newly registered clients are permitted to have client scopes specified in the realm's default client scopes or optional client scopes.

When enabled (toggled ON), newly registered clients can have these scopes.

Conversely, when disabled (toggled OFF), clients will not have these scopes.

Save

Once you've entered the details, click on Save to successfully add the policy.

It will then appear in the list under Authenticated Access Policies.

Reset

If you decide not to add the Policy, click on Reset to discard the changes.

Actions

This includes the available actions that can be taken regarding existing Client Policies, such as Edit or Delete.

Edit

If you want to change any specific attribute within a Client Policy, simply click on Edit.

Upon selecting Edit for a particular Client Policy, the following screen will be displayed.

For example, if you click Edit for Allowed Client Scopes, the following screen will be displayed.

ID

This field cannot be edited.

It is generated automatically when you create a new Policy.

Name

This field is mandatory and can be modified.

It refers to the Display Name of the specific Client Policy.

You can tailor this according to your needs.

Provider

This indicates the name of the Provider that you selected (from the dropdown menu for Add Provider) during the creation of the Client Policy.

This field cannot be edited.

Allowed Client Scopes

This section contains a whitelist of Client Scopes permitted for use when registering a new client.

If a registration attempt includes Client Scopes which are not on the whitelist, it will be rejected.

By default, the whitelist is either empty or contains only realm default client scopes, depending on the configuration of the Allow Default Scopes setting.

You can adjust the whitelist by adding or removing scopes from the dropdown menu according to your needs.

Allow Default Scopes

This toggle button determines if newly registered clients can possess client scopes outlined in the realm's default or optional client scopes.

When activated (toggled ON), newly registered clients can possess these scopes.

When deactivated (toggled OFF), clients will not have these scopes.

This field can be edited and can be turned ON or OFF as per your requirements.

Save

After making the adjustments, simply click on Save to apply those changes.

Reset

If you prefer not to apply those modifications, click on Reset to discard the changes.

Delete

If you find that any existing policy is no longer needed, click on Delete to remove it.
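
The sketch below is an added example, not ZTrust code: it models how the settings described on this page combine when a registration request arrives (token Expiration and Count, the anonymous versus authenticated policy lists, max-clients, and the Allowed Client Scopes whitelist with Allow Default Scopes). All class, function and key names are hypothetical; Bearer Tokens and the other providers are not modeled, and decrementing Count only on a successful registration is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class InitialAccessToken:      # illustrative model of the token form
    expires_at: datetime       # "Expiration"
    remaining: int = 1         # "Count" (default 1)

@dataclass
class Realm:                   # illustrative model, not ZTrust's data structures
    client_count: int
    default_scopes: set
    anonymous: list = field(default_factory=list)      # [(provider, config), ...]
    authenticated: list = field(default_factory=list)

def check_policy(provider, cfg, realm, request):
    """Return a rejection reason, or None when the policy is satisfied."""
    if provider == "max-clients" and realm.client_count >= cfg["max_clients"]:
        return "max-clients: realm limit reached"
    if provider == "allowed-client-templates":
        allowed = set(cfg.get("allowed_scopes", ()))
        if cfg.get("allow_default_scopes"):
            allowed |= realm.default_scopes
        extra = sorted(set(request.get("scopes", ())) - allowed)
        if extra:
            return "scopes not on whitelist: " + ", ".join(extra)
    return None

def register(realm, request, token=None, now=None):
    """Decide one registration request; returns (accepted, reason)."""
    now = now or datetime.now(timezone.utc)
    if token is not None and now >= token.expires_at:
        return False, "initial access token expired"
    if token is not None and token.remaining <= 0:
        return False, "initial access token count exhausted"
    policies = realm.anonymous if token is None else realm.authenticated  # token picks the list
    for provider, cfg in policies:
        reason = check_policy(provider, cfg, realm, request)
        if reason:
            return False, reason
    if token is not None:
        token.remaining -= 1   # assumption: the count drops only on success
    realm.client_count += 1
    return True, "registered"

def demo_realm():
    """Constructed sample: anonymous capped at 2 clients, token holders scope-limited."""
    policy = ("allowed-client-templates", {"allow_default_scopes": True})
    return Realm(1, {"profile", "email"}, [("max-clients", {"max_clients": 2})], [policy])
```

Calling register(demo_realm(), {"scopes": []}) twice without a token shows the second anonymous request being refused once the realm reaches its cap, while a token-bearing request is judged only against the authenticated list.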