Implementation checklist for external users
To configure the system APIs for authentication for external users, you may need to do the following tasks:
| Task | More Information |
|---|---|
| Enable asymmetric encryption | Enabling bearer token authentication |
| Provide deployment information | Enabling bearer token authentication |
| Configure the IdP to store user information | Enabling bearer token authentication |
| Register the caller application with Guidewire Hub | Enabling bearer token authentication |
| Create or modify API roles | Endpoint access |
Review the resource access provided by the
bc_contactAuthorizationIds resource access strategy for account
holders or the bc_producerCodes resource strategy for
producers |
Resource access |
| Configure the proxy user | Proxy user access |
Configure the IExpandTokenPlugin plugin to retrieve additional
authorization values, if needed |
Configuring the IExpandTokenPlugin plugin |
To make a Cloud API call for external users, the caller application must:
- Request a code from Guidewire Hub
- Use the code to request a JWT from Guidewire Hub
- Include the JWT with the system API call
For more information, see Sending authenticated calls for external users.