Bosch IoT Rollouts

S&E Authentication

Bosch.IdM

The Sign & Encrypt service uses Bosch AD for user authentication. After a successful login, an access token is generated. The token carries all IdM roles of that user in its scopes. It is then sent with requests to the Sign & Encrypt service and serves as the basis for authorizing them.

This flow must be used when the multi-factor flow is activated in order to approve signing tasks. The additional factor is provided by receiving a phone call or by using an OTP token.

Suite Auth OAuth2 clients

An OAuth2 client follows a standard protocol and can be used to obtain a Suite Auth access token for authentication of your application when using Sign and Encrypt API endpoints.

The OAuth2 clients UI feature, part of the common Bosch IoT Suite UI, allows you to create, list, filter, view, and manage OAuth2 clients, use them to create access tokens, and act as an application.

Learn how to set up new Suite Auth OAuth2 clients at Set up Suite Auth OAuth2 client.

Create an ACL rule with type CLIENT

Use the ACL API to create an ACL rule with type "CLIENT" and the Client ID as id.

Follow these steps depending on whether you need a global ACL rule or one for a specific device configuration: