Security updates for entitlements
Learn about new changes to entitlements.
Changes to the existing read OIDC client configuration entitlements
Users who have the read OIDC client configuration entitlements are not able to view the client secret for the corresponding OIDC client.
The following list explains the entitlements that are changed.
- readAppConfig: cannot view the client secret for Applications and the Application API Access Client.
- readSTSClients: cannot view the client secret for the STS client.
- readAPIClients: cannot view the client secret for the API client.
- readExternalAgents: cannot view the client secret for the Identity agent.
New read OIDC client configuration and client secret entitlements
Users who have the read OIDC client configuration and client secret entitlement can view the client secret for the corresponding OIDC client.
The following list explains the entitlement changes.
- readAppConfigAndClientSecret: can view the client secret for Applications and the Application API Access Client.
- readSTSClientsAndClientSecret: can view the client secret for the STS client.
- readAPIClientsAndClientSecret: can view the client secret for the API client.
- readExternalAgentsAndClientSecret: can view the client secret for the Identity agent.
There is no change to the existing manage OIDC entitlements
Users who have the manage OIDC client configuration entitlement can manage the corresponding OIDC client and view the client secret.
The following list explains the entitlement changes.
- manageAppAccessAdmin: can manage Applications and view the client secret for Applications and the Application API Access Client.
- manageSTSClients: can manage the STS client and view the client secret for the STS client.
- manageAPIClients: can manage the API client and the client secret for the API client.
- manageExternalAgents: can manage the Identity agent and the client secret for the Identity agent.
Updates to ready-to-use roles
- Tenant Administrator
  - The new entitlements that are added to this role are readAppConfigAndClientSecret, readSTSClientsAndClientSecret, readAPIClientsAndClientSecret, and readExternalAgentsAndClientSecret.
- Helpdesk
  - The new entitlements that are added to this role are readAppConfigAndClientSecret and readExternalAgentsAndClientSecret. This role can continue to view the client secrets for Applications, the Application API Access Clients, and Identity Agents.
- Readonly
  - The new entitlements that are added to this role are readAppConfigAndClientSecret, readSTSClientsAndClientSecret, readAPIClientsAndClientSecret, and readExternalAgentsAndClientSecret. This role can continue to view the client secrets for Applications, Application API Access Clients, STS Clients, API Clients, and Identity Agents.
- PrivacyOfficer
  - The new entitlement added to this role is readAppConfigAndClientSecret so that it can continue to view the client secrets for Applications and the Application API Access Clients.
Notice for customers who are using custom administrator roles
Entitlement | Description |
---|---|
readAppConfigAndClientSecret | Add so the administrator can view the client secret for Applications and the Application API Access Client. |
readSTSClientsAndClientSecret | Add so the administrator can view the client secret for the STS client. |
readAPIClientsAndClientSecret | Add so the administrator can view the client secret for the API client. |
readExternalAgentsAndClientSecret | Add so the administrator can view the client secret for the Identity agent. |
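The following added example (not part of the product or its documentation) audits custom administrator roles to find which ones lost client secret visibility under the changes above, so that the new entitlement is granted only where the role needs it. The entitlement names come from this page; the role names and their entitlement lists are constructed sample data, and the script assumes that each read entitlement exposed the client secret before the change.

```python
# Added example: entitlement names are from this page; role data is constructed.
# Client type -> (read entitlement that no longer shows the secret,
#                 new read entitlement that does,
#                 manage entitlement that still does)
CLIENT_TYPES = {
    "Applications / Application API Access Client": (
        "readAppConfig", "readAppConfigAndClientSecret", "manageAppAccessAdmin"),
    "STS client": (
        "readSTSClients", "readSTSClientsAndClientSecret", "manageSTSClients"),
    "API client": (
        "readAPIClients", "readAPIClientsAndClientSecret", "manageAPIClients"),
    "Identity agent": (
        "readExternalAgents", "readExternalAgentsAndClientSecret",
        "manageExternalAgents"),
}

def lost_secret_visibility(entitlements):
    """Return {client type: entitlement to add} for secrets a role can no longer view."""
    held = set(entitlements)
    lost = {}
    for client_type, (old_read, new_read, manage) in CLIENT_TYPES.items():
        # Assumption: before the change, the plain read entitlement showed the secret.
        could_view_before = old_read in held or manage in held
        can_view_now = new_read in held or manage in held
        if could_view_before and not can_view_now:
            lost[client_type] = new_read
    return lost

def audit_roles(roles):
    """Map each affected custom role to the secret visibility it lost."""
    report = {}
    for name, entitlements in roles.items():
        lost = lost_secret_visibility(entitlements)
        if lost:
            report[name] = lost
    return report

# Constructed custom roles (hypothetical names), not taken from any tenant.
SAMPLE_ROLES = {
    "app-auditor": ["readAppConfig", "readSTSClients"],
    "agent-operator": ["readExternalAgents", "manageExternalAgents"],
    "api-viewer": ["readAPIClients", "readAPIClientsAndClientSecret"],
}

if __name__ == "__main__":
    for role, lost in audit_roles(SAMPLE_ROLES).items():
        for client_type, to_add in lost.items():
            print(f"{role}: no longer sees the {client_type} secret; "
                  f"add {to_add} only if the role needs it")
```

Roles that hold the matching manage entitlement are not reported, because the manage entitlements are unchanged and still expose the client secret.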
API Changes
Entitlement | Description |
---|---|
Application | GET https://{tenanturl}/v1.0/applications/{applicationId}. If you call this API with the readAppConfig entitlement, it does not contain the clientSecret field. If you call this API with the |
STS Client | |
API Client | |
Identity Agents | |