Provide a new application
  • 3 minutes to read
  • Dark
  • PDF

Provide a new application

  • Dark
  • PDF

Article Summary

For access by applications, separately from common users, senhasegura has the A2A module where each application will have its access group. Also, implementing the single privilege principle where an application will not have access to the same information as another application.

Create and edit an application

To create a new authorization, go to A2A ➔ Application Authorizations.

  1. Click on the icon
  2. Click on the + New application option
  3. Add the following information:
  • Application name
  • Using OAuth signing
    • OAuth 1.0
    • OAuth 2.0
    • AWS
  • Active: Add to know if the application can be used or not.
  • Tags: Add identification tags
  • Description: Add the information you want about the application
  • Amazon AWS ARNs: Only if AWS Authentication Method


To create a new authorization, go to A2A ➔ Applications

  1. Click on the icon
  2. Click on the Authorizations option
  3. Click on the icon
  4. Click on the + New option
  5. To edit the desired authorization, click Click the authorization icon ⁝ and select change
  6. Add the information needed


  • Expiration date: Period the authorization will be active
  • Active: Add to know if the application can be used or not.
  • Environment: Environment in which authorization will be active
  • System: System in which authorization will be active


  • Authorized Resources: Use to limit which resources and products the user will have access to
    • PAM Core: Provisioning and querying credentials, SSH keys, and other protected information from the PAM module.
    • Certificate Manager: Requests, consultation, signature, and other activities of the Certificate Manager module
    • Task Manager: Creating and Changing Task Manager Module Activities
    • Dashboard: Knowledge and consumption of data printed on dashboards.
    • Web Proxy Session: Authenticated URL for starting a web session on devices previously registered in the Web Proxy.
    • A2A: Consultation and registration of A2A applications.
  • PAM resource permissions
    • Read-only: The user will have view-only access
    • Read and Write: the user will have access to view, edit and delete any data

Be careful when releasing Read and Write, as the user will have full access to the edit data here.

  • Enable encryption of sensitive information: When enabling this option, sensitive information such as passwords and secrets will be returned in encrypted API calls. To decrypt the information, just use the private key available in the authorization settings.
  • Authorized IPs: Use it to limit which IPs the user will have access to.

For production environments, it is recommended to signal the IPs that can be accessed for greater security.

  • Authorized HTTP referrers: To define from which previous web address requests will be allowed. Learn more about HTTP refers here.
  • Certificate Validation: Allows you to add a certificate as an additional security layer from fingerprint validation. When enabling, in addition to the OAuth authentication data, for example, the certificate sent in the request will also be validated.


  • Access Credential: Use an IP, hostname, or Username to add a credential registered in PAM CORE
  • Create a new credential: Create a credential if you don't have one active.

Only device, username, and password information can be filled in.

  • Device: Enter the Device
  • Username: Enter the username
  • Password: Add a password


  • Devices: Add the desired devices that are registered in Devices

If the view and edit option is active, adding devices in this field is not necessary.

Protected information

  • Protected Information: Add the desired Personal Vault information

Authorization by application

To see a complete list of all authorizations by application, access menu A2A ➔ Authorizations by application. On this screen, in addition to viewing the details of each authorization by application, it is possible to edit an existing authorization and create a new one.


The screen will only show application updates that have already been successfully created and saved.


We recommend using this screen to facilitate the visualization of all authorizations per application in one place, avoiding the need to enter each application separately so that it is possible to view the respective authorizations.

Export Logs

To export log data, just access the menu A2A ➔ Logs

  1. Click the ⁝ icon
  2. Select the Export CSV option

Was this article helpful?