Configuring ZERO Connect with NetDocuments

Updated: December 12, 2024 11:35

In this article:

Before proceeding with the setup, ensure you have the following:

To register an application:

Visit the NetDocuments Support Portal.
Log in with your credentials.
Navigate to the Application Registration section, accessible via the More menu.
On the Application Registration page, select the New Application button.
Fill in the required fields, especially these mandatory values for ZERO Connect applications:
- Application Type: REST
- Redirect URI: urn:ietf:wg:oauth:2.0:oob
- Additional Redirect URIs (Optional): zero:oauth2

ND_Application Information.png

Click the Create button at the bottom of the screen.
Note: EU, AU and US application names cannot have the same name on all services, thus when registering applications for different services, it is recommended that you append the appropriate service to the name ( “-US” for Vault apps, “-EU” for EU apps, “-AU” for AU apps) to differentiate the applications.

Post-registration, the ClientId and Client Secret are automatically generated. To view these, and gather essential details:

Click the arrow button to the right of the application item, then click the Edit button.
On the editing screen, note down the ApllicationId, and Application Secret.

To effectively use the client credentials grant flow, consider the following points:

Define Mapping: A repository administrator must define a mapping between the application's client ID and the identity of an account that the application will impersonate while operating in the repository. This is accomplished by navigating to the repository administration page and selecting the Service Account link.
Access Token Behavior: Access tokens obtained through the client credentials grant flow will run with the permissions of the mapped identity within the repository specified when obtaining the access token. These tokens will not have access to any other repositories.
Permission Scope: The permissions granted by the access token may be limited based on the scope defined during the token's acquisition.
Best Practice: The recommended best practice is to map each application using the client credentials grant flow to a unique identity. This practice aids in tracking and distinguishing actions performed by different applications, facilitating a clearer review of document properties, document history, consolidated activity logs, and administrative action logs.

To map client identity:

Log in to NetDocuments vault as an administrator. Use https://vault.netvoyage.com/ or the corresponding regional URL, such as eu.netdocuments.com.
Proceed to Users & Groups from the left navigation pane.
Create an account. Ensure to select the Full option for Repository admin type field and activate the Non-Interactive Application Service Account option in the Other options.
Go to the Service Accounts tab and select Create Service Account.
Enter the email address for the Service Account you wish to map to an application and click Create.
On the page where the actual mapping is created, fill in the Application ID (Client ID) copied previously and click the Save button to finalize the mapping process.
To obtain the RepositoryId information, navigate to the Information and Settings section from the left navigation pane and note the respective information.