Luware Knowledge

Nimbus Portal Nimbus Admin Nimbus Release Notes Luware Cloud Status
Home Nimbus Administration Configuration (Admin)

Authentication

During a Web Requests most likely need to provide authentication when accessing external systems or services (e.g., a CRM). In the Authentication configuration item you can set up and manage your authentications (for later re-use) as follows:

Property Description
Name Name of the authentication item.
Organization Unit Organization Unit under which this authentication will be available. 
Description A short description that explains what this authentication is for.
Type

The type of your authentication method. The following authentication methods are currently supported:

  • API Key - A unique code used to identify and authorize your system when connecting to an external service. The key is included with each request to prove that it comes from a trusted source.
  • OAuth 2.0 Client Credentials - A secure, token-based method. Your system uses a client ID and secret to automatically obtain an access token from the external service. The token is then used to perform requests without requiring manual login.
API Key Name

💡 Shown when API Key is selected.

 

The exact API key name that will be sent to the server.
How Sent

💡 Shown when API Key is selected.

 

Select how the key is sent to the server: in the Request Header or as a Query String.
Key Value

💡 Shown when API Key is selected.

 

The actual API key provided by the external service.
Access Token URL

💡 Shown when OAuth 2.0 Client Credentials is selected.

 

The URL provided by the external system (e.g., a CRM) to request an access token.
Client ID

💡 Shown when OAuth 2.0 Client Credentials is selected.

 

The ID assigned to Nimbus when registering with the external system.
Client Secret

💡 Shown when OAuth 2.0 Client Credentials is selected.

 

The secret key assigned to Nimbus by the external system; used together with the Client ID to request a token.
Scope

💡 Shown when OAuth 2.0 Client Credentials is selected.

 

Optional permissions Nimbus requests from the external system.

🔎Below a listing of our Common Authentication Configuration examples. We are gradually updating this information as we gather experience and input from our customers.

💡Note that Authentication configuration items cannot be deleted as long as they are in use. In the Authentication list, you can see which authentication items are used by which Web Request.

 

Common Authentication Configurations

Authentication - Common Configurations

The following is auxiliary information, meant to be used with the Nimbus Web Requests feature and related Authentication configuration items.

☝Before you start

  • Instructions refer to 3rd party documentation and UI descriptors, which are subject to change. 
  • Contents below were taken from, quoted and/or summarized from 3rd party documentation. Please carefully review the sources during your implementation, as steps and descriptions may differ.
  • We provide this configuration as general guideline, not specifically catered to any particular use case.
  • Luware support does not cover issues caused by a faulty integration, nor can we provide support for 3rd party platforms outside of Nimbus Web Requests / Power Automate Connector feature context. 
  • You may however request updates to our documentation, should you find information to be wrong or insufficient.
 

INC Icon Legend Accordion

Show Icon Legend 💡 = A hint to signal learnings, improvements or useful informati...

Show Icon Legend

💡 = A hint to signal learnings, improvements or useful information in context. 🔍 = Info points out essential notes or related page in context.
☝ = Notifies you about fallacies and tricky parts that help avoid problems. 🤔 = Asks and answers common questions and troubleshooting points.
❌ = Warns you of actions with irreversible / data-destructive consequence. ✅ = Intructs you to perform a certain (prerequired) action to complete a related step.
 
 

Set-up

ACS (Azure Communication Services)

Use ACS for sending out SMS directly from the Nimbus Workflow using the WebRequest activity.

Create an App Registration in Azure AD

✅This is required to enable OAuth 2.0 authentication for ACS.

 
  1. Sign in to Azure Portal https://portal.azure.com 
    1. Navigate to Azure Active Directory → App registrations → New registration
    2. Add Enter a Name (e.g., ACS-WebRequest-App).
    3. Optionally, set a Redirect URI if you plan to use authorization code flow.
  2. Register the application
    1. Click Register.
    2. 🧠 After registration, note down:
      • Application (client) ID
      • Directory (tenant) ID
  3. Create a Client Secret
    1. Under Certificates & secrets, click New client secret.
    2. 🧠Copy the secret value (it won’t be shown again).

🔎 Source: Microsoft Docs – ACS Authentication

 
 

Role Assignment

✅This grants the app permission to manage ACS resources.
💡Note: There is no dedicated ACS permission for SMS usage; the Contributor role covers it.

 
  1. In Azure Portal, navigate to your ACS Resource
    1. Go to Communication Services 
    2. Select your ACS resource.
  2. Open Access Control (IAM)
  3. Add Role Assignment
    1. Click Add → Add role assignment.
    2. Select Role: Contributor.
    3. Assign Access to: Azure AD user, group, or service principal.
    4. Search for your App Registration name (e.g., ACS-WebRequest-App) and select it.
  4. Confirm and save.

🔎Source: Microsoft Docs – ACS Authentication

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = OAuth 2.0 client credentials
  2. Access token URL
    https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  3. Client Id and Client Secret: use the copied values from your App Registration
  4. Scope
    https://communication.azure.com/.default
 
 

Dataverse

Use the dataverse connection to query dataverse tables via Odata, i.e. to find the related Dynamics contact for a given phone number and add customer context to the Nimbus task.

Create an App Registration in Azure AD

✅This enables OAuth 2.0 authentication for Dataverse.

 
  1. Sign in to Azure Portal https://portal.azure.com 
    1. Navigate to Azure Active Directory → App registrations → New registration
    2. Add Enter a Name (e.g., Dataverse-App).
    3. Choose Supported account types (usually “Single tenant”).
    4. No redirect URI is needed for client credentials flow.
  2. Register the application
    1. Click Register.
    2. 🧠 After registration, note down:
      • Application (client) ID
      • Directory (tenant) ID
  3. Create a Client Secret
    1. Under Certificates & secrets, click New client secret.
    2. 🧠Copy the secret value (it won’t be shown again).

🔎 Source: Microsoft Docs - Quickstart Register App

 
 

Add App as Application User in Power Platform

✅This links your app registration to the Dataverse environment.

 
  1. Go to Power Platform Admin Center https://admin.powerplatform.microsoft.com 
  2. Select Environment → Settings → Users + Permissions → Application Users
  3. Click + New app user.
    1. Choose Add existing app registration.
    2. Search for your app registration and select it.
  4. Save the application user.

🔎Source: Microsoft Docs - Manage application users

 
 

Assign Roles

Roles determine which tables and apps the app can access.

 
  1. Still in Power Platform Admin Center. In the same Application Users screen, select your app user.
  2. Click Manage Roles.
  3. Assign roles such as:
    • Salesperson
    • System Customizer
    • Or any custom role that grants access to required tables.

🔎Source: Microsoft Docs - Security Roles

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = OAuth 2.0 client credentials
  2. Access token URL
    https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  3. Client Id and Client Secret: use the copied values from your App Registration
  4. Scope
    https://{your-dynamics-url}.crm11.dynamics.com/.default
 
 

Hubspot

Use HubSpot Private App API Key

HubSpot deprecated legacy API keys for security reasons, so the recommended approach is to create a Private App and use its token as an API key.

 
  1. Sign in to HubSpot. Go to your HubSpot account.
  2. Create a Private App
    1. Navigate to Settings → Integrations → Private Apps.
    2. Click Create private app
    3. Provide:
      1. Name
      2. Description
  3. Configure Scopes (e.g., crm.objects.contacts.read, crm.objects.deals.write).
  4. Save and copy the Access Token (this acts as your API key).

🔎Source: https://developers.hubspot.com/docs/api/private-apps 

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = API Key
  2. API Key Name = a name of your choice, i.e. Private App Name
  3. How Sent = Request Header
  4. Key Value: {your-api-key}
 
 

Power Automate

Run your existing secured Power Automate Flows holding logic and data processing, directly from the Nimbus Workflow. This allows you to quickly reuse old flows and later switch to more performant APIs without breaking existing logic. Or simply to tie the flows into the Nimbus Workflow for better visibility. 

Create an App Registration in Azure AD

✅This app will provide the identity for Power Automate to authenticate.

 
  1. Sign in to Azure Portal https://portal.azure.com 
    1. Navigate to Azure Active Directory → App registrations → New registration
    2. Add Enter a Name (e.g., PowerAutomate-WebRequest-App).
    3. No redirect URI needed for client credentials flow.
  2. Register the application
    1. Click Register.
    2. 🧠 After registration, note down:
      • Application (client) ID
      • Directory (tenant) ID
  3. Create a Client Secret
    1. Under Certificates & secrets, click New client secret.
    2. 🧠Copy the secret value (it won’t be shown again).

🔎 Source: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app 

 
 

Assign Permissions to the App Registration

Your app needs API permissions to interact with flows.

 
  1. In App Registration → API Permissions → Add a permission
    1. Select APIs my organization uses.
    2. Search for Power Automate Service or Microsoft Flow Service.
    3. Add Delegated or Application permissions as required (e.g., Flows.ReadWrite.All).
  2. Click Grant admin consent for your organization.

🔎 Source: https://learn.microsoft.com/en-us/connectors/powerautomate 

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = OAuth 2.0 client credentials
  2. Access token URL
    https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  3. Client Id and Client Secret: use the copied values from your App Registration
  4. Scope
    https://service.flow.microsoft.com//.default
 
 

Salesforce

Create an External Client App

  1. Create the App
  2. Go to Policies > OAuth Flows and External Client App Enhancements and enable Client Credentials Flow
    1. Choose a User with API Access
      1. Depends on license type (Enterprise, Platform, etc.).
      2. Ensure the user has API Enabled in their profile.
  3. Go to Settings > OAuth Settings
    1. Set the Callback URL to https://localhost
    2. Then choose the selected OAuth Scopes. full_access alone is not sufficient— also add specific scopes like:
      1. Access The Salesforce API platform (sfap_api)
      2. Perform requests at any time (refresh_token, offline_access)
      3. Access unique user identifiers (openid)
      4. others required by your integration
  4. Copy Consumer Key and Consumer Secret and note them down

🔎 Source: Create an External Client App

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = OAuth 2.0 client credentials
  2. Access token URL
     https://{your-salesforce-url}/services/oauth2/token
  3. Client Id and Client Secret: use Consumer Key and Consumer Secret from the External Client App
  4. Scope = leave blank
 
 

Sharepoint

Use sharepoint to access list values directly from the Nimbus Workflow as shown in this use case Luware Nimbus - Use Case - Using Web Requests to Block Callers on a Blacklist 

Create an App Registration in Azure AD

  1. Register an app in Azure Active Directory.
  2. Generate Client ID, Tenant ID, and Client Secret.
  3. No redirect URI needed for client credentials flow.

🔎 Source: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app 

 
 

Assign API permissions

  1. Go to API Permissions in your app registration.
  2. Add Microsoft Graph → Application permissions → Sites.Read.All.
  3. Click Grant admin consent.

🤔Why Sites.Read.All? 
This allows your app to read SharePoint site content without user interaction.

 

🔎 Source: https://learn.microsoft.com/en-us/graph/permissions-reference 

 
 

Create the Authentication Configuration in Nimbus

✅ Now you can add the Authentication configuration in Nimbus with the following values.

  1. Type = OAuth 2.0 client credentials
  2. Access token URL
    https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  3. Client Id and Client Secret: use the copied values from your App Registration
  4. Scope
    https://graph.microsoft.com/.default
 
 

General Notes

💡Response Mapping

Use JSON Path Finder to find the corresponding path for a particular value (click and copy, replace x. by $. in Nimbus)

 

 

Use Case - Adding Custom Data to Luware Power BI Reports

In this Use Case we cover the following scenario: The Nimbus service workflow ask...

Use Case - Sending SMS through ACS in Nimbus

This Use Case demonstrates the capability of sending SMS to Customers using Azure...

Use Case - Updating a Task for a Known Contact in Salesforce

In this use case, we want to use the Nimbus Power Automate Connector to log a new...

Table of Contents