Skip to main content
Ensure that your Cornerstone account has Admin privileges.

Generate Client ID and Secret key

To connect Cornerstone with StackOne, you’ll need to register an OAuth 2.0 application in your Cornerstone portal.

1

Login to your Cornerstone portal

Sign in to your Cornerstone account.

2

Navigate to API Management

Navigate to Admin > Tools > Edge > API Management.

3

Register New Application

On the Manage Applications tab, click Register New Application.

4

Enter Application Details

Provide the required application information.

  • Application Name: Enter a descriptive name (e.g., StackOne Integration)
  • User ID: Enter the User ID of an active user in your portal
5

Select Application Scopes

In the Scopes section, select the scopes you want to associate with your application. The following scopes are required for StackOne connector functionality.

  • training:read
  • training:create
  • obj_users_core:read
  • learningassignment:read
  • transcript:read
  • transcript:create
  • transcript:create:assign
  • transcript:update
  • transcript:update:complete
  • transcript:update:progress
  • approval:read
  • inbox:read
  • task:read
  • expressclass:create
6

Complete Registration

Click Register Application to complete the registration process.

7

Save your credentials securely

If the User ID is valid, you’ll receive your Client ID and Client Secret. Store these credentials securely for use later.

  • ⚠️ The Client Secret will only be shown once and cannot be retrieved later. If lost, you’ll need to regenerate it.

Configure User Permissions

Ensure the user associated with your OAuth application has the necessary permissions.

1

Navigate to User Management

Navigate to Admin > Tools > Core Functions > Users and search for the user which is associated with the Application you created in the previous step.

2

Configure Permissions

Click on Options > Permissions. Ensure the following permissions are configured to either There are no constraints available for this permission. or Restrict to User's Corporation.

  • Reporting API - Read only
  • Transcript API - Request
  • Transcript API - View
  • Employee API - View
  • Learning Assignment API - View

Find Your Company Domain

Your Company Domain is the subdomain part of your Cornerstone URL.

1

Locate Domain in URL

When logged in to your Cornerstone account, look at the URL in your browser.

  • Example: If your URL is my-company.csod.com, your domain is my-company
  • Enter only the subdomain part (without .csod.com)

Troubleshooting

Common issues and how to resolve them.

1

Error: 'Provided user does not have Rest services permissions and/or constraints to perform this operation'

This error message indicates that the API you are trying to access is not enabled in your Cornerstone portal. To resolve this error, follow these steps.

  • Navigate to Admin > Tools > Edge > Integrations > Manage APIs within your Cornerstone portal.
  • Ensure the toggles for Cornerstone API and Reporting API are turned on.
  • If the toggles are already turned on, try turning them off and then back on again. This action resets the backend settings that control access to Cornerstone’s APIs.
  • After performing the above steps, if you still see the same error response, please log a case with Cornerstone Global Customer Support (GCS).
2

Error: 401 Unauthorized response when accessing the Reporting API

There are a few things you should check when you receive this response.

  • Verify that the Reporting API is enabled for the environment that you are trying to pull data from. Navigate to Admin > Tools > Edge > API Management > Manage APIs. You should see the Reporting API enabled on this page.
  • If using OAuth 2.0: Ensure that the user account associated with your registered OAuth 2.0 application has the Reporting API - Read only permission.
  • If using OAuth 2.0: Ensure that your OAuth 2.0 application has the required scope to access the endpoint that you are trying to retrieve data from.
  • If using OAuth 2.0: Ensure that the OAuth 2.0 access token is still valid. Remember that OAuth 2.0 access tokens are valid for an hour by default, unless you set a different validity period for your application in the API Management page in Edge.
  • After performing the above steps, if you still see an ‘unauthorized access’ error, please log a case with Cornerstone Global Customer Support (GCS).

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Client ID
  • Client Secret
  • Company Domain
  • Application Scopes (Optional)
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.