CIBA request policies process identity hints and authenticate users to receive consent. Each request policy is associated with an instance of a CIBA authenticator. The CIBA grant flow is initiated by a direct request from the client and involves an out-of-band interaction with the user to complete authentication and authorization. OAuth clients that support the CIBA grant type can be configured to use a specific CIBA request policy or a default.

  1. Go to Applications > OAuth > CIBA Request Policies. To configure a new CIBA request policy, click Add Policy.
  2. Select an action from the following options:
    • To modify an existing CIBA request policy, select it by its name under Policy ID.
    • To review the usage of an existing CIBA request policy, click Check Usage under Action.
    • To remove an existing CIBA request policy or to cancel the removal request, click Delete or Undelete under Action.
    • To elect an existing CIBA request policy to be the default CIBA request policy, click Set as Default under Action.