Client Management

How to create and manage Client IDs and Secrets for your tenant.

You can use the Client Management page to create and manage your own Client IDs and Client Secrets for your tenant. These credentials can be exchanged for an access token that grants access to building third-party integrations using UKG Pro Workforce Management public APIs.

Note:
  • The Client Management page is available only for tenants that use UKG Authentication as the authentication service provider. For more information, contact your UKG Service Representative.
  • User-specific audits or user-specific context is not supported for Client Management. If user-specific context is required for your third-party API access, use the Non-Interactive Application Flow.
  • For more information about using Client Management to authenticate and grant access to APIs, refer to the UKG Developer Hub

Create Client Management

  1. From the Main Menu, go to Administration > Application Setup > Common Setup > Client Management.
  2. Click Tap Create .
  3. Enter the following:
    • Name — Enter a unique name for the client. The name cannot start with a number, the maximum length is 50 characters, and you cannot use the following characters: & _ * % ? : ; = ( ) / [ ] \ | # @ < >
    • Description(Optional) — Enter a description for the client. The maximum length is 250 characters.
    • Client ID— Automatically generated by the system when you click tap Save.
    • Client Secret— Automatically generated by the system when you click tap Save.
    • Application Flow— Select the type of client that you are creating:
      • Interactive— The access token is fetched based on the user name and password in addition to the Client ID and Client Secret.

        In Grant Type, select one of the following:

        Authorization Code Flow(default for new clients; more secure) — Enter the Redirect URL(RedirectUri) and Logout Redirect URL(PostLogoutRedirectUri).

        Password Flow (ROPC)(default for current clients) — Uses resource owner password credentials (ROPC).

      • Non-interactive— The access token is fetched based on the Client ID and Client Secret, and the Function Access Profile (FAP) that defines the level of access that the client is allowed.

        Select the Function Access Profile to associate to this client.

    • Organization ID— Read-only field; displays the Organization ID.
    • Realm— Read-only field; displays the Realm.
  4. Click Tap Save.
    1. An In Progress status message opens. You can click tap Refresh to get updates to the status.
    2. If the status is Failed, click tap Retry to create the credentials again.
  5. When the Client ID is displayed, click tap Copy to copy the ID, then paste it in the client_id field of the configuration for the application you are building.
  6. When the Client Secret is displayed, click tap Copy to copy the secret, then paste it in the client_secret field of the configuration for the application you are building.
    Note: For more information, refer to the UKG Developer Hub.

Update a Client

  1. From the Main Menu, go to Administration > Application Setup > Common Setup > Client Management.
  2. Select the name of the credentials that you want to update, then click tap Edit .
  3. You can edit only the Name, Description, and Function Access Profile.
    Note: To modify the Client ID or the Application Flow type, you must create a new client.
  4. To create a new Client Secret for this Client, click tap Generate a New Client Secret. When you see the confirmation message, click tap Yes.
    Caution: When you generate a new Client Secret for an existing Client, your existing API calls will no longer work until the new Client Secret is updated.
  5. Click Tap Save.
  6. If you generated a new Client Secret, click tap Copy once it is displayed, then paste it in the client_secret field of the configuration for the application you are building.

Delete a Client

Warning: Deleting credentials renders any application or service that relies on those credentials unable to authenticate and get an access token. This effectively denies access to UKG Pro Workforce Management for that application or service that uses those credentials. This action cannot be undone, and any application or service using the credentials must be updated with new credentials to be able to function again.
  1. From the Main Menu, go to Administration > Application Setup > Common Setup > Client Management.
  2. Select the name of the credentials you want to delete, then click tap Delete .
  3. When you see the confirmation message, click tap Yes.