Article ID: 000090097 Content Type: Troubleshooting Last Reviewed: 03/23/2022

Generating Client Credentials for System-to-System Authentication to Intel® Endpoint Management Assistant (Intel® EMA)

Environment

Windows Server 2016 Family*, Windows Server 2022 Family, Windows Server 2012 family*

BUILT IN - ARTICLE INTRO SECOND COMPONENT
Summary

Intel® EMA implements the OAuth 2.0 Client Credentials flow, to support authentication for an application instead of an end-user.

Description

Unable to create client ID.

Resolution

Intel® EMA implements the OAuth 2.0 Client Credentials flow, to support authentication for an application instead of an end-user.
Client credentials (including a Client ID and a Client Secret) can be created exclusively via Intel® EMA’s REST API, by a tenant administrator.

Only one set of client credentials can be created per Intel® EMA tenant.

A PowerShell script that demonstrates generating client credentials is available in the Intel® EMA API Sample Scripts package. Follow these steps to review the script:

  1. Download the Intel® EMA API Sample Scripts package
  2. Extract the zip file, and open this PowerShell script in the PowerShell ISE
    1. PowerShell/Snippets/EMA_API-CreateOrDeleteClientCredentialsForTenant.ps1
  3. Note the following variables:
    1. $emaServerURL is the URL of your EMA instance
    2. $clientSecret is a complex secret provided by the administrator. The value must meet the following criteria:
      • at least 12 characters, up to 255 characters
      • contains at least one number
      • contains both lowercase and uppercase alpha characters
      • contains at least one special character
    3. $emaUsername and $emaPassword are credentials of a tenant administrator on the Intel® EMA instance
    4. Set $deleteCreds to $TRUE to demonstrate deletion of existing client credentials
    5. Set $useADAuth to $TRUE if the Intel EMA instance uses Windows domain authentication
  4. The script demonstrates the REST API call used to generate client credentials. Client ID is provided in the results of the REST API call, and written to console by the script.


This Client ID can be used alongside the provided Client Secret to authenticate to Intel® EMA.

As provided, the script’s output should be similar to the below.

PS C:\Users\EMADemo> C:\EMA_API-CreateOrDeleteClientCredentialsForTenant.ps1
Target Intel(R) EMA Server = https://ema.server.com
Retrieved Intel(R) EMA token.
Calling POST https://ema.server.com/api/latest/clientCredentials
Created Client Id: abcdabcd-12ab-34cd-56ef-abcd1234abcd

 

In addition, details on the REST API calls are available in Intel® EMA’s REST API documentation

 

Related Products

This article applies to 1 products

Disclaimer

1

All postings and use of the content on this site are subject to Intel.com Terms of Use.