Enable Application Registration

    • Dev Portal is enabled on the same Workspace as the Service.
    • The Service is created and enabled with HTTPS.
    • Logged in as an admin with read and write roles on applications, services, and developers.
    • The configuration option is configured for your OAuth provider and strategy (kong-oauth2 default or external-oauth2). See Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
    • Authorization provider configured if using a supported third-party identity provider with the OIDC plugin:
      • For example instructions using Okta as an identity provider, refer to the .
      • For example instructions using Azure AD as an identity provider, refer to the Azure example.

    To use Application Registration on a Service, the Portal Application Registration Plugin must be enabled on a Service.

    In Kong Manager, access the Service for which you want to enable Application Registration:

    1. From your Workspace, in the left navigation pane, go to API Gateway > Services.
    2. In the Plugins pane in the Services page, click Add a Plugin.

    3. On the Add New Plugin page in the Authentication section, find the Portal Application Registration Plugin and click Enable.

    4. Enter the configuration settings. Use the parameters in the next section, Application Registration Configuration Parameters, to complete the fields.

      Important: Exposing the Issuer URL is essential for the workflow configured for third-party identity providers.

    5. Click Create.

    Kong OAuth2 strategy:

    • If using the Kong-managed authorization strategy (kong-oauth2) with the OAuth2 plugin, configure the Kong OAuth2 plugin as appropriate for your authorization requirements. You can use either the Kong Manager GUI or cURL commands as documented on the . The OAuth2 plugin cannot be used in hybrid mode.
    • If using the Kong-managed authorization strategy () with key authentication, configure the Kong Key Auth plugin as appropriate for your authorization requirements. You can use either the or cURL commands as documented on the Plugin Hub. The Key Auth plugin cannot be used in hybrid mode.

    External OAuth2 strategy: