Application

Available in Classic and VPC

This section describes how to register and manage applications to log in with your NAVER Cloud Platform account after creating a tenant.

Application interface

The basic description for using applications is as follows:

sso-application-01_ko(1)

Component	Description
① Menu name	Current menu name.
② Basic features	Features displayed when you enter the Application menu for the first time. [Register application]: Click to register an application (see Register applications). [Learn more]: Go to the Ncloud Single Sign-On overview page. [Refresh]: Reload the current page.
③ Post-registration features	[Edit]: Edit the information and settings of the registered application (see Edit applications). [Delete]: Delete the registered application (see Delete applications).
④ Search bar	Search applications by entering the name of the registered application.
⑤ Application list	List of registered applications.

Check application list

You can view the information for each registered application you are managing from the list. To check the information:

Note

You can view the list if there are 1 or more registered applications. If there is no registered application, no list is shown on the application interface.

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Application menu.
When the application list appears, view the summary or click any application to see more details.
- Summary: Summary of the applications displayed in the list.
  - Application name: Name of the application.
  - Authentication: This is the information on the application's authentication protocol and is only displayed as OAuth 2.0 / Open ID Connect, which is currently supported.
  - Creation date and time (UTC+09:00): Date and time when the application was registered.
  - [Shortcut]: The URL of the application that was entered during application registration. You can go to the corresponding page by clicking the enabled button. If no URL was entered, the button is disabled.
- Application information: The information entered when the application is registered.
  - Application description: Description of the application.
  - Application URL: This is the URL of the application entered during application registration, and if entered, the [Shortcut] button is enabled in the list.
  - Scope: The scope of information that can be accessed by the application.
  - Application Type: The type of the application.
  - Application Grant Type: The method of granting permissions.
  - Redirect URIs: The Redirect URI entered when the application is registered.
  - Access Type: The access type of the application.
    - After clicking the [Reissue client secret] to issue a new client secret, you can click the [Copy] in the View client secret popup window that appears to copy the new client secret.
    - If the Access Type is set to Public, the [Reissue client secret] button is not displayed.
    Note
    Note that reissuing the client secret will make the existing client secret no longer valid.
    
    When the View client secret popup window disappears after reissuing the client secret, you will not be able to view the new client secret again, so use the [Copy] button.
  - Client Auth Method: How to authenticate the application.
  - Access Token Validity: Access token's validity period.
  - Refresh Token Validity: Refresh token's validity period.
  - Log in with the main account: Whether the application supports logging in with the main account.
  - Tag: Assign tag keys/values to easily classify SSO users.
    - View, create, edit, and delete all tags through [Tag management].
    - Only 1 tag value can be assigned to 1 tag key.
- Client Information: URL information required for Ncloud Single Sign-On integrations.
  - [Create Authentication URL]: Click to create an authentication URL based on the URL set when creating the tenant (see Create authentication URL).
  - Client ID: This is the client ID for the application, and you can click the [Copy] to copy it.
  - Authorize URL: This is the authorization URL for the application, and you can click the [Copy] to copy it.
  - Token URL: This is the token issuance URL for the application, and you can click the [Copy] to copy it.
  - Revoke URL: This is the token cancellation URL for the application, and you can click the [Copy] to copy it.
  - Userinfo URL: This is the user claim request URL for the application, and you can click the [Copy] to copy it.
  - OIDC configuration URL: This is the OpenID Connect configuration URL for the application, which is displayed if Scope is set to Open ID, and you can click the [Copy] to copy it.
- Consent page settings: The content of the consent page for providing privacy information that was set during application registration.
  - Supported language settings: The default language and displayed language selected when configuring the consent page.
  - Overseas transfer: Whether privacy information is transferred overseas.
  - Preview consent page: Click the [Preview] to preview the actual page that is displayed to the user.

Register application

To register an application to be integrated with Ncloud Single Sign-On:

Note

You can register an application after creating a tenant.

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Application menu.
Click the [Register application].
When the Register application interface appears, proceed with the next steps in order:

1. Enter application information.

Select the authentication protocol for the application and enter the required information for the authentication flow. Enter all information, and then click the [Next].

Authentication Protocol

Item Required Description

Authentication Required.

Item	Required	Description
	Authentication	Required.

Register application information

Item	Required	Description
	Application name	Required.
	Application description	Optional.
	Application URL	Optional.
	Application Type	Required.
	Access Type	Required.
	Client Auth Method	Required.
	Application Grant Type	Required.
	Scope	Required.
	Redirect URIs	Required.
	Log in with the main account	Required.

Tag management

Item	Required	Description
	Key:Value	Optional.

2. Configure consent page.

When logging in to the registered application, the information of the main or sub account of NAVER Cloud Platform is forwarded. At this point, configure a consent page to receive confirmation and consent from each attempted user log-in for the information being passed on to the application from each user. After configuring, click the [Next].

Before proceeding to the next steps, you can click the [Preview] at the bottom to preview the consent page that will actually be provided to users.

Caution

As this is the page necessary for the consent process for transferring account information, make sure to accurately configure the page.

Set consent page

Item Required Description

Set the supported language Required.

Overseas transfer Required.
Configure consent page

Item Required Description

Consent to providing personal information Required.

Overseas transfer Required.

Item	Required	Description
	Set the supported language	Required.
	Overseas transfer	Required.

Item	Required	Description
	Consent to providing personal information	Required.
	Overseas transfer	Required.

3. Check client information.

Once all the necessary information for the application registration is entered, the client ID and client secret will be issued. After checking the ID and secret, click the [Complete].

You can copy the client ID and client secret by clicking the [Copy].

Note

You can only view the client secret during the Check client information step while registering the application. Click the [Reissue client secret] in the application list to reissue a new client secret.
If Access Type is set to Public during application registration, only the client ID is issued.

Create authentication URL

You can create the authentication URL required for Ncloud Single Sign-On integrations by entering the information of the registered application. To create an authentication URL:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Application menu.
Click on the [Create Authentication URL] in the Client information section after selecting the application for which you want to create the authentication URL in the application list.
After the Authentication URL popup window appears, enter the following information and click the [OK]:
- Response Type: Depending on the Scope or Application Grant Type selected during application registration, you can select the following:
  - Code: If the Application Grant Type is Authorization Code.
  - Token: If the Application Grant Type is Implicit (Hybrid).
  - ID_Token: Selectable if the Scope is Open ID and the Application Grant Type is Implicit (Hybrid).
- Scope: The range value of accessible information selected during application registration.
- Redirect URI: This is the Redirect URI entered during application registration and can be selected from a drop-down list if multiple URIs were entered.
- State: This is a string used to prevent CSRF attacks, and you can either enter a desired value or click the [Generate] to create one.
- Nonce: This is a string used to prevent replay attacks on access tokens, and it can be entered manually or created by clicking the [Generate].
  - The input field is displayed only when Open ID is selected for the Scope.
- Code Challenge: The code_challenge value used for PKCE.
- Code Challenge Method: This is the code_challenge_method value used for applying PKCE, and you can select between Plain and S256.
- Authentication URL: The authentication URL that reflects all the input values entered.
Click the [OK] after checking the authentication URL with the entered values.
- You can perform an authentication test by entering the created authentication URL into your browser.

Edit application

To edit the information and settings of a registered application:

Caution

If the contents of the consent page of the application are edited, the procedure of obtaining re-consent from the users who log in to the application with the edited contents is carried out. Users with a history of logging in to the application prior to the edit will be directed to the edited privacy information consent page and will only be able to log in after agreeing to the edited terms.

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Application menu.
To edit an application from the application list, click the [Edit] after selecting the application you want to edit.
After editing the desired items for each step, click the [Save].
- For more information about items for each step, see 1. Enter application information and 2. Configure consent page.

Delete application

To delete a registered application:

Caution

Once you delete an application, you cannot recover it. So, decide carefully.

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Application menu.
To delete an application from the application list, click the [Delete] after selecting the application you want to delete.
When the Confirm application deletion popup window appears, click the [Delete] and click the [OK].
- Then, the application is deleted from the application list.