Enable Application Registration

    • Kong Gateway is installed, version 2.1.0.0 or later. If you plan to use key authentication, version 2.2.1.0 or later.
    • Dev Portal is enabled on the same Workspace as the Service.
    • Authentication is enabled on the Dev Portal.
    • Logged in as an admin with read and write roles on applications, services, and developers.
    • The configuration option is configured for your OAuth provider and strategy (kong-oauth2 default or external-oauth2). See for the Portal Application Registration plugin.
    • Authorization provider configured if using a supported third-party identity provider with the OIDC plugin:
      • For example instructions using Okta as an identity provider, refer to the Okta example.
      • For example instructions using Azure AD as an identity provider, refer to the .

    To use Application Registration on a Service, the Portal Application Registration Plugin must be enabled on a Service.

    In Kong Manager, access the Service for which you want to enable Application Registration:

    1. On the Services page, select the Service and click View.
    2. In the Plugins pane in the Services page, click Add a Plugin.

    3. On the Add New Plugin page in the Authentication section, find the Portal Application Registration Plugin and click Enable.

    4. Enter the configuration settings. Use the parameters in the next section, Application Registration Configuration Parameters, to complete the fields.

      Important: Exposing the Issuer URL is essential for the workflow configured for third-party identity providers.

    5. Click Create.

    Kong OAuth2 strategy:

    • If using the Kong-managed authorization strategy (kong-oauth2) with the OAuth2 plugin, configure the Kong OAuth2 plugin as appropriate for your authorization requirements. You can use either the Kong Manager GUI or cURL commands as documented on the . The OAuth2 plugin cannot be used in hybrid mode.

    External OAuth2 strategy:

    • If using the third-party authorization strategy (external-oauth2), configure the OIDC plugin. You can use the Kong Manager GUI or cURL commands as documented on the Plugin Hub. When your deployment is hybrid mode, the OIDC plugin must be configured to handle authentication for the Portal Application Registration plugin.