Login
      Contents x
      Application
        • Print
        • PDF
        Contents

        Application

          • Print
          • PDF
          Article Summary

          Available in Classic and VPC

          This guide describes how to register and manage applications to log in with your NAVER Cloud Platform account after creating a tenant.

          Application page

          The basics of using applications are as follows.
          sso-application_screen_en2

          FieldDescription
          ① Menu nameName of the menu currently being viewed
          ② Basic featuresFeatures displayed when initially entering into the Application menu
          • [Register application] button: Click to register an application (refer to Register application)
          • [Learn more about the product] button: Click to go to the Ncloud Single Sign-On introduction page
          • [Refresh] button: Click to refresh page
          ③ Post-registration features
          • [Edit] button: Edit the registered application's information and settings (refer to Edit application)
          • [Delete] button: Click to delete the registered application(Refer to Delete application)
          ④ Search windowSearch application by entering the name of the application
          ⑤ Application listList of registered applications

          Check application list

          You can view the information for each registered application you are managing from the list. The following describes how to view the information.

          Note

          You may view the list if there are one or more registered applications. If there is no registered application, no list is shown on the application page.

          1. Click the environment you are using in the Region menu and the Platform menu on the NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On in order.
          3. Click the Application menu.
          4. When the application list appears, view the summary information or click any application to see more details.
            • Summary information: summary information for the applications displayed in the list
              • Application name: the name of the application
              • Authentication: information on the application's authentication protocol, and is only displayed as OAuth 2.0 / Open ID Connect, which is currently supported
              • Creation date and time (UTC+09:00): the date and time when the application was registered
              • [Shortcut] button: the URL of the application that was entered during application registration. You can go to the corresponding page by clicking this button. If no URL was entered, the button is disabled.
            • Application information: the information entered during application registration

              • Application description: description of the application

              • Application URL: the URL of the application entered during application registration, and if entered, the [Shortcut] button is enabled in the list

              • Scope: the scope of information that can be accessed by the application

              • Application type: the type of the application

              • Application grant type: method of granting permissions

              • Redirect URIs: the redirect URI entered during application registration

              • Access type: the access type for the application

                • After clicking the [Reissue client secret] button to issue a new client secret, you can click the [Copy] button in the View client secret pop-up window that appears to copy the new client secret.
                • If the Access Type is set to Public, the [Reissue Client Secret] button is not displayed.
                Note
                • Please note that reissuing the client secret will make the existing client secret no longer valid.
                • When the View Client Secret pop-up window disappears after reissuing the client secret, you will not be able to check the new client secret again, so please use the [Copy] button.

              • Client auth method: how to authenticate the application

              • Access token validity: the validity period of the access token

              • Refresh token validity: the validity period of the refresh token

              • Login with main account: whether the application supports logging in with the main account

            • Client information: URL information required for Ncloud Single Sign-On integration
              • [Create authentication URL] button: click to create an authentication URL based on the URL set when creating the tenant (see Create authentication URL)
              • Client ID: this is the client ID for the application, and you can click the [Copy] button to copy it
              • Authorize URL: this is the authorization URL for the application, and you can click the [Copy] button to copy it
              • Token URL: this is the token issuance URL for the application, and you can click the [Copy] button to copy it
              • Revoke URL: this is the token cancellation URL for the application, and you can click the [Copy] button to copy it
              • Revoke URL: this is the user claim request URL for the application, and you can click the [Copy] button to copy it
              • OIDC configuration URL: this is the OpenID Connect configuration URL for the application, which is displayed if Scope is set to Open ID, and you can click the [Copy] button to copy it
            • Consent page settings: the content of the consent page for providing privacy information that was set during application registration
              • Supported language settings: the default language and displayed language selected when configuring the consent page
              • Transferred overseas: whether privacy information is transferred overseas
              • Preview consent page: click the [Preview] button to preview the actual page that is displayed to the user

          Register application

          The following describes how to register an application to be integrated with Ncloud Single Sign-On.

          Note

          You can register an application after creating a tenant.

          1. Click the environment you are using in the Region menu and the Platform menu on the NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On in order.
          3. Click the Application menu.
          4. Click the [Register application] button.
          5. When the Register application page appears, proceed with the following steps in order.

          1. Enter application information

          Select the authentication protocol for the application and enter the required information for the authentication flow. Enter all information, and then click the [Next] button.

          • Authentication Protocol

            ItemRequirement statusDescription
            AuthenticationRequiredSelect the authentication protocol for Ncloud Single Sign-On integration
            • Only OAuth 2.0 / Open ID Connect can be selected

          • Register application information

            ItemRequirement statusDescription
            Application nameRequiredEnter the application name
            Application descriptionOptionalEnter a description for the application
            Application URLOptionalEnter the URL to directly access the application
            • [Shortcut] button is provided on the application list to directly access the application with the entered URL
            Application TypeRequiredSelect either Web or App for the type of the application to be registered
            Access TypeRequiredSelect one of the following access types for the application
            • Confidential: access after authentication with client ID and client secret
            • Public: access after authentication with client ID
            Client Auth MethodRequiredSelect one of the following client authentication methods for the application
            • Depending on the selected Access type, there are limitations to the values that can be selected
              • If it is Confidential: Client secret base is automatically selected
              • If it is Public: None is automatically selected
            Application Grant TypeRequiredTo issue an access token for accessing protected resources, you must select between Authorization code and Implicit(Hybrid) for credentials
            • Authorization Code: this is the most common flow to issue an access token using your own authorization code for authorization
            • Refresh Token: this is an optional selection and can be selected together with either Authorization code or Implicit(Hybrid)
            • Implicit(Hybrid): this is a flow that issues an access token directly without an authorization code and is optimized for client environments where it is difficult to securely store credentials
            ScopeRequiredSelect between Profile or Open ID for the scope of information in the NAVER Cloud Platform account that can be accessed by the application
            • Information of the NAVER Cloud Platform that can be accessed by each application after integration
              • Unique member identifier (user's member number, sub account number)
              • Account type (main or sub account)
              • User name
            Redirect URIsRequiredEnter the URI to receive an authorization code or token after requesting authorization
            • Up to 10 URIs can be entered
            Log in with the main accountRequiredSelect whether to allow login to the application with the main account of NAVER Cloud Platform
            • The value set in the Tenant menu is given priority, and if the setting is Allow or Deny, it cannot be changed by each application
            • If the value set in the Tenant menu is Follow the settings for each application, it can be changed from each application

          2. Configure consent page

          When logging in to the registered application, the information of the main or sub account of NAVER Cloud Platform is passed on. At this point, configure a consent page to receive confirmation and consent from each attempted user log-in for the information being passed on to the application from each user. After configuring, click the [Next] button.

          • Before proceeding to the next step, you can click the [Preview] button at the bottom to preview the consent page that will actually be provided to users.
          Caution

          As this is the page necessary for the consent process for transferring account information, make sure to accurately configure the page.

          • Set the Consent page

            ItemRequirement statusDescription
            Set the supported languageRequiredSelect the language to display on the privacy information consent page and the language to set as the default language by clicking the checkbox
            • You can select from Korean, English, Japanese, and Chinese, and the page is configured according to the selected language
            • Only one language can be selected as the default language, which is the default value displayed when it cannot be displayed in the selected supported language
            Transferred overseasRequiredIf the registered application is served through an overseas IDC/CSP, you must check the checkbox to select it

          • Configure consent page

            ItemRequirement statusDescription
            Consent to providing personal informationRequiredDepending on the selected language in the Consent page settings, click the tab menu in the corresponding language and enter the following information
            • Recipient (input required)
            • Purpose of use (input required)
            • Retention and use period (input required)
            • Required information (automatic input)
              • Unique member identifier
              • User name
              • Account type
            Transferred overseasRequiredIf you have selected Transferred overseas in the Consent page settings, enter the following additional information to obtain consent for overseas transfer
            • Country of transfer (input required)
            • Recipient of transfer (input required)
            • Contact information (input required)
            • Personal information to be transferred (automatic input)
            • Transfer method (automatic input)
            • Purpose of use (automatic input)
            • Retention period (automatic input)

          3. Check client information

          Once all the necessary information for the application registration is entered, the client ID and client secret will be issued. After checking the ID and secret, click the [Complete] button.

          • You can copy the client ID and client secret by clicking the [Copy] button.
          Note
          • You can only view the client secret during the Check client information step while registering the application. Click the [Reissue client secret] button in the application list to reissue a new client secret.
          • If Access Type is set to Public during application registration, only the client ID is issued.

          Create authentication URL

          You can generate the authentication URL required for Ncloud Single Sign-On integration by entering the information of the registered application. The following describes how to generate one.

          1. Click the environment you are using in the Region menu and the Platform menu on the NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On in order.
          3. Click the Application menu.
          4. Click on the [Create authentication URL] button in the Client information section after selecting the application for which you want to generate the authentication URL in the application list.
          5. After the Authentication URL pop-up appears, enter the following information and click the [Confirm] button.
            • Response type: depending on the Scope or Application grant type selected during application registration, you can select the following:
              • Code: if the Application Grant Type is Authorization Code
              • Token: if the Application Grant Type is Implicit (Hybrid)
              • ID_Token: selectable if the Scope is Open ID and the Application Grant Type is Implicit (Hybrid)
            • Scope: the range value of accessible information selected during application registration
            • Redirect URI: this is the URI entered during application registration and can be selected from a drop-down list if multiple URIs were entered
            • State: this is a string used to prevent CSRF attacks, and you can either input a desired value or click the [Generate] button to generate one
            • Nonce: this is a string used to prevent replay attacks on access tokens, and it can be entered manually or generated by clicking the [Generate] button
              • The input field is displayed only when Open ID is selected for the Scope.
            • Code Challenge: the code_challenge value used for PKCE
            • Code Challenge Method: this is the code_challenge_method value used for applying PKCE, and you can choose between Plain and S256
            • Authentication URL: the authentication URL that reflects all the input values entered
          6. Click the [Confirm] button after checking the authentication URL with the entered values.
            • You can perform an authentication test by entering the generated authentication URL into your browser.

          Edit application

          The following describes how to edit the information and settings of a registered application.

          Caution

          If the contents of the consent page of the application are edited, the procedure of obtaining re-consent from the users who log in to the application with the edited contents is carried out. Users with a history of logging in to the application prior to the edit will be directed to the edited privacy information consent page and will only be able to log in after agreeing to the modified terms.

          1. Click the environment you are using in the Region menu and the Platform menu on the NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On in order.
          3. Click the Application menu.
          4. To edit an application in the application list, click the [Edit] button after selecting the application you want to edit.
          5. After making the desired changes for each step, click the [Save] button.

          Delete application

          The following describes how to delete a registered application.

          Caution

          Once you delete an application, you cannot retrieve it. So, decide carefully.

          1. Click the environment you are using in the Region menu and the Platform menu on the NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On in order.
          3. Click the Application menu.
          4. To delete an application in the application list, click the [Delete] button after selecting the application you want to delete.
          5. When the Confirm application deletion pop-up window appears, click the [Delete] button and click the [Confirm] button.
            • Then, the application will be deleted from the application list.
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout