Access Token for Active Directory

Configure an access token to connect to Active Directory.

Figure: Active Directory Access Token Configuration screen

Active Directory Access Token Configuration screen

Background and Setup

Good to Know

  • In most cases, you can use a global access token or an app level access token:
    • Global access tokens are shared across all users and apps. If you want all process designers and runtime app users in your AgilePoint NX tenant to be able to connect to an external data source, use a global access token. An example is a SharePoint site on an intranet that all employees in a company can access.
    • Application level access tokens are shared with all processes in a process-based app, or restricted to use within a form-based app. Use application level access tokens if only process designers or runtime app users for a particular application should access an external system — for example, a Box account that is only used to share files within a small team.
  • Access tokens are used to connect AgilePoint NX apps to external data sources. Microsoft Azure Active Directory can be used for access tokens, but it can also be used as an authentication provider for AgilePoint NX Portal. Access tokens cannot be used to authenticate to the Portal.

    For more information about configuring authentication providers, refer to Authentication.

  • Access tokens are collections of credentials that are used to authenticate communication directly between AgilePoint NX and an external system. Because it is the AgilePoint NX system that uses these credentials, rather than an app, there is no difference between design time and runtime access tokens. Access tokens are never checked in or published, and they do not use version control. If you change an access token in App Builder or Manage Center, the access token changes immediately everywhere the access token is used. Changes to app level access tokens apply to all versions of an app, including running application instances. Changes to global access tokens apply everywhere they are used in AgilePoint NX. You can not roll back an access token to a previous version.

    For more information, refer to What Data Is Deleted When I Delete an App or Application Resource?

  • This screen may look different in different places. The UI varies for this screen depending upon how you open it. However, the fields for this screen are the same in all places.
  • Some information about third-party integrations is outside the scope of the AgilePoint NX Product Documentation. It is the responsibility of the vendors who create and maintain these technologies to provide this information. This includes specific business use cases and examples; explanations for third-party concepts; details about the data models and input and output data formats for third-party technologies; and various types of IDs, URL patterns, connection string formats, or other technical information that is specific to the third-party technologies. For more information, refer to Where Can I Find Information and Examples for Third-Party Integrations?

Fields

Field NameDefinition

Token Name

Description:
Specifies the unique name for your connection to Active Directory.
Allowed Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
  • Spaces
Default Value:
None
Example:
This is a common configuration field that is used in many examples. Refer to:
  • Examples - Step-by-step use case examples, information about what types of examples are provided in the AgilePoint NX Product Documentation, and other resources where you can find more examples.

Description

Description:
A description for your access token.
Allowed Values:
More than one line of text.
Default Value:
None
Example:
This is a common configuration field that is used in many examples. Refer to:
  • Examples - Step-by-step use case examples, information about what types of examples are provided in the AgilePoint NX Product Documentation, and other resources where you can find more examples.

User Account

Description:
Specifies the user account to connect to Active Directory.
Allowed Values:
Default Value:
Custom User

Context Domain

Description:
Specifies the name of your Active Directory domain.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
A valid Active Directory domain name.
Default Value:
None

User Name

Description:
Specifies the user name of the account to use to create a group in Active Directory.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
A valid user name.
Default Value:
None
Accepts Variables:
No

Password

Description:
Specifies the password of the account to use to create a group in the domain
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
An alphanumeric string that represents a password.
Default Value:
None
Accepts Variables:
No

Directory Type

Description:
Specifies the format for your Active Directory.
Allowed Values:
  • LDAP - Specifies your Active Directory uses LDAP.
  • WinNT - Specifies your Active Directory uses WinNT.
Default Value:
LDAP

Directory Address

Description:
Specifies a host address for your Active Directory.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
  • IP address - The IP address of the Active Directory. For example, 211.325.5.3.
  • IP address/[relative distinguished name (RDN)] - The IP address of the Active Directory with the container name (CN), organizational unit (OU), or both for the user. For example, 211.325.5.3/OU=MyGroup
Default Value:
None

Directory Port

Description:
Specifies a port number of the Active Directory.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
A valid port number for your Active Directory.
Default Value:
389

Test Connection

Function:
Makes sure the specified Active Directory account is correct.

Enable Password Expiry Notification

Description:
Specifies whether to send an email notification when the password is due to expire.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
Allowed Values:
  • Selected - Sends an email notification before the password expires.

    By default, this notification is sent 15 days before expiration.

  • Deselected - Does not send an email notification for the password expiration.
Default Value:
Deselected
Limitations:

This field is available in these releases:

Date

Description:
Specifies the date the authentication credentials for the access token expire.

AgilePoint NX sends the notification 15 days before the date specified in the Date field.

To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
  2. Select Enable Password Expiry Notification.
Allowed Values:
A date from the calendar.
  • MM/dd/yyyy - Shows the date in the format Month/day/year.
Default Value:
None
Limitations:

This field is available in these releases:

Email

Description:
Specifies the email address of the user to whom to send the notification about the password expiration.
To Open this Field:
  1. On the Active Directory access token screen, select Custom User.
  2. Select Enable Password Expiry Notification.
Allowed Values:
One line of text (a string) in email address format.
Default Value:
None
Limitations:

This field is available in these releases:

Encrypt

Description:
Stores the access token in the AgilePoint database as encrypted data.
Note: AgilePoint recommends you to store this access token in the database in encrypted format.
Allowed Values:
  • Deselected - The access token is in plain text in the database.
  • Selected - The access token is encrypted in the database.
Default Value:
Selected
Limitations:
  • This field was removed from the UI in AgilePoint NX OnPremises and Private Cloud v7.0 Software Update 2. Access token credentials are encrypted by default. If you want to store credentials in unencrypted format, contact AgilePoint Customer Support.