Search K
Appearance
Client Applications
The Client Applications page manages authentication credentials for external applications connecting to MinuteView. This configuration is essential for enabling MinuteController, MinuteCreator, and Automations to securely communicate with the MinuteView server.
Overview
Client Applications use Client IDs and Client Secrets to authenticate and authorize external applications. Each client application is assigned specific scopes that control which MinuteView APIs and resources it can access.
Creating a New Client Application
1. Click New
Navigate to Console → Client Applications and click the New button to create a new client application.
2. Enter Application Details
Client Application Name
A descriptive name to identify this client application (e.g., "Production Creator Client", "Automations Server").
Allowed Scopes
Select one or more API scopes that define what resources this client can access:
| Scope | Description | Required For |
|---|---|---|
| api:PowerShell | Allows the application to retrieve PowerShell scripts from the MinuteView server | Creator, Controller, Automations |
| api:Vault | Allows the application to retrieve Vault information such as options and configurations | Creator, Controller, Automations |
| api:Workflows | Allows access to workflows, including listing workflows, accessing service accounts, and executing workflows | Automations |
Recommended Scope Combinations:
- MinuteCreator →
api:PowerShell+api:Vault - MinuteController →
api:PowerShell+api:Vault - Automations →
api:PowerShell+api:Vault+api:Workflows
Allow Transferable Usage
A checkbox that controls client authentication security:
Checked – The client ID and secret can be used from any server or machine. This allows you to copy-paste credentials across multiple installations without binding them to a specific machine.
- Less secure, but required for applications like MinuteController that may run on multiple workstations.
Unchecked – The client ID and secret are fingerprinted and secured to a single PC or server. Credentials cannot be transferred to other machines.
- More secure, recommended when the application runs on a dedicated server.
3. Download Configuration File (Optional)
Click Download Configuration File to export a JSON file containing the client configuration. This file can be imported directly into MinuteCreator, MinuteController, or Automations for quick setup.
Managing Client Applications
Once created, client applications appear in a table with the following columns:
| Column | Description |
|---|---|
| Name | The descriptive name of the client application |
| Client ID | The unique identifier for this client |
| Allowed Scopes | The API scopes granted to this client (e.g., api:PowerShell, api:Vault) |
| Transferable | Yes if transferable usage is allowed, No if fingerprinted to a specific machine |
| Fingerprint | Registered if the client has been bound to a specific machine, Not Set if transferable or not yet authenticated |
| Last Auth | Timestamp of the most recent successful authentication |
| Actions | Available management actions (see below) |
Available Actions
View Details
Opens a dialog showing complete details about the client application, including:
- Client ID
- Allowed scopes
- Transferable status
- Fingerprint information
- Authentication history
Edit
Allows modification of:
- Client application name
- Allowed scopes
Note: Client ID and Client Secret cannot be changed via edit.
Download
Downloads the client configuration as a JSON file.
⚠️ Important: Downloading the configuration file will refresh the Client Secret. Any applications using the old secret will need to be updated with the new credentials.
Refresh Secret
Generates a new Client Secret for the application. Use this action if:
- Credentials have been compromised
- You need to rotate secrets for security compliance
⚠️ Important: After refreshing, you must update all applications using this client with the new secret.
Delete
Permanently removes the client application. All applications using this client ID and secret will no longer be able to authenticate.
Security Best Practices
- Use Non-Transferable Clients whenever possible for dedicated servers or single-machine deployments.
- Rotate Client Secrets regularly, especially for transferable clients.
- Grant Minimum Required Scopes – Only assign the scopes necessary for the application's functionality.
- Monitor Last Auth timestamps to detect unauthorized or unexpected usage.
- Delete Unused Clients to reduce potential attack surface.
Troubleshooting
Authentication Failures
- Verify the Client ID and Client Secret are correct
- Check that the required scopes are granted for the operations being performed
- For non-transferable clients, ensure the application is running on the registered machine
- Review Last Auth to confirm the client has successfully authenticated before
Transferable vs. Fingerprinted Clients
- If you receive fingerprint mismatch errors, the client may be set to non-transferable
- Enable Allow Transferable Usage if you need to use the same credentials across multiple machines
See Also
- Console → Service Accounts – Configure third-party service integrations
- MinuteCreator Installation – Setup guide for Creator clients
- MinuteController Installation – Setup guide for Controller clients
- Automations Engine Documentation – Workflow automation configuration