How to activate App Studio for a new ERPCR tenant
Here is a quick guide to activate Unit 4 App Studio (AS) for an ERP CR tenant.
Prerequisites
- Unit 4 Identity Services (IDS) login must be enabled for the ERP CR environment.
- The system is designed to run automatically through the Tenant Activation Orchestrator (TAO).
- TAO ensures dependent services are registered in Discovery Service (Disco).
- TAO also calls ExtensionKit Tenant Activation Function (TAF) to register the required information in systems such as Tenant Management Service (TMS) and IDS.
A client will be created with the following configuration on IDS:
| Configuration detail | Value |
|---|---|
| Client ID | Enter the client ID. |
| Client Name | Enter the client's name. |
| Flow | Custom |
| Access token type | JWT |
| Access token lifetime (in seconds) | 3600 |
| Allowed scopes | openid, profile, u4bw, u4ek-app-trigger, u4ek-public-api |
| Enabled | Yes |
| Allowed custom grant types | user_impersonation |
| Required consent | Yes |
| Owner tenant | Empty |
Activation
Follow these steps to configure AS in ERP CR:
1. Retrive the secret value
Before configuring the client in ERP CR, gather the secret value from the EK Key vault. A secret is placed in the EK Key vault with the name app-studio-u4bw-user-impersonation-secret. To retrive it you must know:
- The specific Key vault is configured through the EK environment variables in ExtensionKit.DevOps: https://dev.azure.com/unit4-global/People%20Platform%20and%20Fundamentals/_git/ExtensionKit.DevOps?path=%2FRework%2FDeployment%2FResources%2FVariables&version=GC3f323942458dfcd551a5ca245e6fea149f2fbb44
- Use the
keyVaultResourceGroupandkeyVaultNamevalues for the target region. For example (DEV region):keyVaultResourceGroup: u4ek-dev,keyVaultName: u4ek-dev. - There is one Key vault per region, so values vary by region/environment.
- This value is required in the next step.
2. Configure the created client in ERP CR
To configure the client in ERP CR:
- Go to System Administration > System Setup > Web Service Accounts
- Add the client created in IDS by selecting the Add button and fill in the fields as showed on the table:
| Field | Description |
|---|---|
| Authorization type | Select OAuth 2.0 Client Credentials Flow from the dropdown. |
| Name | IdsImpersonationServiceAccount |
| ID | app-studio-u4bw-user-impersonation |
| Description | AppStudio user impersonation client |
| Secret | Enter the retrieved secret from the previous step. |
3. Verify that AS is accessible in Disco for the selected environment or tenant
To confirm accessibility:
- Check that Extension Kit is available in the relevant environment or tenant within Disco.
- If Extension Kit is missing, AS will not be accessible.
ā¯—Important: ERP CR users who want to use AS must always log in through IDS.