If you followed the topic "Manually Configure K2 for Azure Active Directory (AAD)" in the K2 Five Product Documentation to configure your K2 environment with AAD, you set up delegated permissions. With delegated permissions, the OAuth token for the K2 server expires every 90 days. You can renew the OAuth token using the procedure in the "OAuth token requires authorization" error article, or you can reconfigure your K2 environment to use an application token flow (also called AppOnly), where the token for the K2 server effectively never expires. The application token flow requires that you reconfigure one of the delegated permissions as an application permission. This article describes how to perform that configuration.
See these links for more information on delegated versus application permissions:
If you're manually integrating K2 with AAD for the first time, follow the procedure in the Manually Configure K2 for Azure Active Directory (AAD) topic of the K2 Five 5.3 Installation and Configuration Guide (ICG). This KB article is for people who set up AAD integration using delegated permissions, and who now want to change from delegated permissions to application permissions. Changing from delegated to application permissions follows the same basic steps as in the Installation Guide, but with the differences described in this article.
Perform these steps in your AAD tenant (you need to be an admin on the AAD tenant to do this):
| Application Permissions | Delegated Permissions |
|---|---|
| Read directory data | Read directory data |
| | Sign in and read user profile |
| | Read all users' basic profiles |
| | Access the directory as the signed-in user |
Perform the following configuration on your K2 environment (you need to be a K2 admin to do this):
After performing these steps, your AAD integration is switched from using delegated permissions to application permissions. Your OAuth token for the K2 server no longer expires every 90 days.