CMiC API and OAuth 2.0 Integration - Configuring Service Account Authentication for Cloud Users
For Cloud customers, CMiC recommends using a User Principal Name (UPN) for a Service Account to authenticate.
- Email
This is the claim that contains the user's email address. CMiC can remove the domain part of the email address (everything after the @ symbol) if it matches the domain specified in cmic.oauth2.remove.domainFromUser in cmicapp.properties.
For example, if the email is "user@cmic.ca" and "cmic.oauth2.remove.domainFromUser=cmic.ca", CMiC will only use "user" as the username.
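The rule above, worked through as an added example that is not CMiC's own code: it reads the cmic.oauth2.remove.domainFromUser value from a cmicapp.properties-style file and applies it to the email claim of a token. Assumptions not stated on the page: the claims have already been extracted from a verified token and arrive as a dictionary; the domain comparison is case-insensitive; the function and property-file contents below are constructed for the example. The domain is stripped only when it matches the configured value, so an address from any other domain keeps its full form as the username rather than collapsing to the same local part as a user on the configured domain.

```python
"""Added example (not CMiC's code): derive a username from an email claim,
stripping the domain only when it matches cmic.oauth2.remove.domainFromUser."""

from __future__ import annotations

PROPERTY_KEY = "cmic.oauth2.remove.domainFromUser"

# Constructed sample of the relevant cmicapp.properties content (not a real file).
SAMPLE_PROPERTIES = """
# constructed sample properties file
cmic.oauth2.remove.domainFromUser=cmic.ca
"""


def parse_properties(text: str) -> dict[str, str]:
    """Minimal parser for Java-style key=value .properties content.

    Blank lines and lines starting with '#' or '!' are comments; the first
    '=' separates key from value. Escapes and line continuations are not
    handled (not needed for this one property).
    """
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def username_from_email(email: str, remove_domain: str | None) -> str:
    """Return the CMiC username derived from an email claim.

    The part after '@' is dropped only when it equals the configured domain
    (case-insensitive comparison is an assumption). Any other address is
    returned whole, so "user@cmic.ca" and "user@other.example" never map to
    the same username. An address without '@' is returned unchanged.
    """
    local, at, domain = email.partition("@")
    if not at:
        return email  # nothing to strip
    if remove_domain and domain.lower() == remove_domain.strip().lower():
        return local
    return email


def resolve_username(claims: dict, props: dict[str, str], claim: str = "email") -> str:
    """Pick the username from decoded token claims (assumed already verified).

    Only the 'email' claim is subject to domain stripping, as the page
    describes; a UPN claim is passed through as issued. Which claim is used
    is a caller choice here (an assumption, since the page leaves it to the
    OAuth2 provider configuration).
    """
    value = claims.get(claim)
    if not isinstance(value, str) or not value:
        raise ValueError(f"token has no usable '{claim}' claim")
    if claim == "email":
        return username_from_email(value, props.get(PROPERTY_KEY))
    return value


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    # Constructed claim set standing in for a decoded token.
    claims = {"email": "user@cmic.ca", "upn": "svc-integration@cmic.ca"}
    print(resolve_username(claims, props))            # user
    print(resolve_username(claims, props, "upn"))     # svc-integration@cmic.ca
```

Running the module prints the username derived from the email claim ("user") and the untouched UPN claim; the mismatched-domain and missing-property cases are covered by the function's branches.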
- User Principal Name (UPN)
The User Principal Name (UPN) is typically the unique user identifier in Azure Active Directory (Azure AD), often formatted as an email address (e.g. user@domain.com). This claim is also available in the JWT token and can be used as the CMiC username, depending on how your OAuth2 provider issues the token.
A UPN with a service account functions similarly to how it does for regular users but is typically associated with applications, services, or automated processes rather than human users. The service account UPN is important for scenarios where the application needs to access resources protected by Azure AD or other directory services that rely on UPN for authentication.