# Create SSO Client for Application

To allow client application to access Service Registry secured by SSO, a SSO client ID and secret should be given to the client application so it can use the given client ID and secret for authentication when it calls Service Registry APIs. Also, the client ID and secret will be used to configure Kafka Producer and Consumer when the the client application wants to access Service Registry.

Following these steps to create a new SSO client:

1. Login to SSO web console with admin user.
2. Select the **Registry** realm (or the realm you created in [this section](https://audomsak.gitbook.io/red-hat-service-registry/security/rhsso-deployment/create-registry-realm)), then select **Clients** menu, and then click **Create** button.

   ![Create SSO client](https://2900952542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5K4aVwhFRyCBBx4mXirV%2Fuploads%2Fgit-blob-1f8793fb18dc5805475a5f8fed1f12b5d81e7e60%2Fsso-client-1.png?alt=media)
3. Enter **Client ID** value as you need, then click **Save** button.

   ![Create SSO client](https://2900952542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5K4aVwhFRyCBBx4mXirV%2Fuploads%2Fgit-blob-41ffae0ee647593e814ac688047489507b5d516d%2Fsso-client-2.png?alt=media)
4. Change **Access Type** to `confidential`, turn off **Standard Flow Enabled** and **Direct Access Grants Enabled** options. And turn on **Service Accounts Enabled** option to enable OAuth 2.0 Client Credentials flow only.

   Note. You can enable others flows as you need. But for demostration purpose, only **Service Accounts Enabled** option is enough.

   ![Create SSO client](https://2900952542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5K4aVwhFRyCBBx4mXirV%2Fuploads%2Fgit-blob-ebd3baf9d196495ffa6cecb70e1dfca348c2db81%2Fsso-client-3.png?alt=media)
5. Scroll down to bottom then click **Save** button.

   ![Create SSO client](https://2900952542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5K4aVwhFRyCBBx4mXirV%2Fuploads%2Fgit-blob-be8694f75cdb0c4d163d76adcb40f28597e202bf%2Fsso-client-4.png?alt=media)
6. Go to **Credentials** tab, you should be able to see secret value. This will be given to client application along with the client ID.

   ![Create SSO client](https://2900952542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5K4aVwhFRyCBBx4mXirV%2Fuploads%2Fgit-blob-e711479c695eaccacc35a613c30aff1ce7f2c2b1%2Fsso-client-5.png?alt=media)