Client Details

Choosing a client from the client list provides access to all the details of a specific client. There are a variety of client fields, but some may not be applicable for all clients.

Before you start

Your permissions are determined by your role in the system:

  • Owner: Holds complete control and administrative authority, including user management, configurations, and resource control.
  • Contributor: Enjoys full access but lacks administrative privileges, enabling configuration of resources. Can't administer users.
  • Reader: Provides read-only access for viewing information without administrative capabilities.

Fields and Buttons

Fields

Client Name The name of the specific client.

Client Identifier The unique ID of the client.

Allowed Scopes
List of all allowed scopes.

Claims
A claim is a statement that one resource, such as a person or organization, makes about itself or another resource. Claims are an integral part of client management, allowing for precise control and customization based on the specific needs of different client types. Here's how claims work for each client type:

  • Machine to Machine Clients: whether already created or newly generated, come with distinct claim settings. Within this client type, the tenant claim is prepopulated and non-editable. The unit4_id claim is not prepopulated but is editable. It is a mandatory field. The Subscription (only for ERPx) claim is similar to the unit4_id claim, is not prepopulated and is editable. It's also a mandatory field. The user cannot delete claims fields or add new ones.

  • U4 Desktop Clients, they do not display any claims by default. The Add claim option is unavailable.

  • U4 Native Mobile Clients, they do not display any claims by default. The Add claim option is unavailable.

  • U4 Report Engine Clients, they do not display any claims by default. The Add claim option is unavailable.

  • PKCE (Proof Key for Code Exchange), they do not display any claims by default. The Add claim option is unavailable.

  • Implicit Clients they do not display any claims by default. The Add claim option is unavailable.

See Client Claims for more information.

Refresh token usage Specifies the refresh token usage. Available values: OneTimeOnly or ReUse. Default value is OneTimeOnly.

Refresh token expiration Specifies the refresh token expiration. Available values: Absolute or Sliding. Default value is Absolute.

Authorization code lifetime Authorization codes should be used within a specified timeframe of 30 to 600 seconds, with the default set at 300 seconds.

Access Token Lifetime Specifies the time of access token lifetime. It should be used within a specified timeframe of 3 600 to 5 400 seconds (60 to 90 minutes), with the default set at 4 500 seconds (75 minutes).

Allowed CORS Origins List of all allowed CORS origins. Adding, deleting, or modifying values is not permitted. They are provided by Unit4.

Identity token lifetime Identity codes should be used within a specified timeframe of 3 600 to 5 400 seconds (24 hours to 7 days), with the default set at 4 500 seconds (75 minutes).

Redirect URIs Specifies allowed URIs to return tokens or authorization codes. Adding, deleting, or modifying values is not permitted. They are provided by Unit4.

Post Logout Redirect Uris List of post logout redirection uris. Adding, deleting, or modifying values is not permitted. They are provided by Unit4.

Access Token Type Specifies whether it's a reference or JWT token.

Absolute refresh token lifetime This should be used within a specified timeframe of 86 400 to 604 800 seconds (24 hours to 7 days), with the default set at 604 800 seconds.

Sliding refresh token lifetime This should be used within a specified timeframe of 86 400 to 604 800 seconds (24 hours to 7 days), with the default set at 604 800 seconds.

Require consent Allows to control whether or not users will be presented with a consent screen during the authentication process when using that specific client application. Default value is true.

Flow Specifies the flow.

Enabled Specifies whether the client is enabled or disabled. Default value is true.

Owner Tenant Specifies the tenant to which the client belongs.

Buttons

  • Edit: Selecting this button allows editing the current client.
  • Export: Selecting this button allows exporting the current client to a JSON file.
  • History: Selecting this button allows viewing information about any changes made to the client (User and JSON).
  • Secrets: Selecting this button allows access to the client secret window, making it possible to create a new one (only for Machine to Machine and Native Mobile clients).
  • Back: Selecting this button to go back to the previous window (client list).