You are browsing documentation for an outdated version.
See the latest documentation here.
Enable Application Registration
Application registration allows registered developers on the Kong Dev Portal to
authenticate with supported authentication plugins against a service on Kong.
Either Kong Gateway or external identity provider admins can selectively
admit access to services using Kong Manager.
- Dev Portal is enabled on the same workspace as the service.
- The service is created and enabled with HTTPS.
- Authentication is enabled on the Dev Portal.
- Logged in as an admin with read and write roles on applications, services, and
portal_app_auth configuration option is configured for your OAuth provider
and strategy (
kong-oauth2 default or
Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
- Authorization provider configured if using a supported third-party
identity provider with the OIDC plugin:
- For example instructions using Okta as an identity provider, refer to the
- For example instructions using Azure AD as an identity provider, refer to the
Enable application registration on a service using Kong Manager
To use application registration on a service, enable the Portal Application Registration
In Kong Manager, access the service for which you want to enable application registration:
- From your workspace, in the left navigation pane, go to API Gateway > Services.
- On the Services page, select the service and click View.
- In the Plugins pane in the Services page, click Add a Plugin.
On the Add New Plugin page in the Authentication section, find the
Portal Application Registration plugin and click Enable.
Enter the configuration settings. Use the parameters in the next section,
Application Registration Configuration Parameters,
to complete the fields.
Important: Exposing the Issuer URL is essential for the
Authorization Code Flow
workflow configured for third-party identity providers.
- Click Create.
Application registration configuration parameters
|The service that this plugin configuration will target. Required.
|A set of strings for grouping and filtering, separated by commas. Optional.
|If enabled, all new service contract requests are automatically approved. Otherwise, Dev Portal admins must manually approve requests. Default:
|Description displayed in the information about a service in the Dev Portal. Optional.
|Unique name displayed in the information about a service in the Dev Portal. Required.
|Displays the Issuer URL in the Service Details page. Default:
false. Important: Exposing the Issuer URL is essential for the Authorization Code Flow workflow configured for third-party identity providers.
Choose an authorization strategy
and configure the appropriate plugin: OAuth2, Key Authentication, or OpenID Connect.