You can create a template to enable a group of clients to register dynamically with the Workspace ONE Access service to allow users access specific applications.


Note: For Workspace ONE Access 22.09 on premises release, see Create Remote Access Template in Workspace ONE Access (On Premises only).


  1. In the Workspace ONE Access console Settings > OAuth 2.0 Management page, select Templates.
  2. Click ADD TEMPLATE and configure the following .
    Label Description
    Template ID Enter a unique name that identifies this template. The name can be a combination of letters, numbers and the special characters _ . - @ . The template ID cannot have spaces in the name.
    Scope For the User Access Token, select one or more identity scopes that you want as part of the OAuth 2.0 authorization request.
    Redirect URI Enter the registered redirect URI. Enter as

    You can use a comma separated list to add more than one redirect URL.

    Token Type This attribute tells the application what type of access token it is given. For the Workspace ONE Access service, the tokens are bearer tokens.
    Issue Refresh Token

    To allow for the return of a refresh token, leave this option enabled.

    Refresh Token TTL Set Refresh Token time to live. New access tokens can be requested until the refresh token expires.
    Access Token time-to-live (TTL) Set the access token time-to-live length. The access token expires based on the TTL set in Access Token Time-To-Live. If Issue Refresh Token is enabled, when the access token expires, the application uses the refresh token to request a new access token.
    Idle Token Time-to-Live (TTL) Configure how long a refresh token can be idle before it cannot be used again.
    User Grant Prompt users for scope acceptance is enabled. Users are shown a message that lists the scopes that are being sent.
  3. Click SAVE.