> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect Cornerstone with OAuth 2.0 – StackOne Hub

> Link a Cornerstone account in the StackOne Hub using OAuth 2.0. End-user guide to authorize the integration and start using Cornerstone actions.

<Warning>Ensure that your Cornerstone account has Admin privileges.</Warning>

<section data-guide-section data-guide-scopes="">
  <h2>Generate Client ID and Secret key</h2>

  <p>To connect Cornerstone with StackOne, you'll need to register an OAuth 2.0 application in your Cornerstone portal.</p>

  <Steps>
    <Step title="Login to your Cornerstone portal">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to your <a href="https://www.cornerstoneondemand.com" target="_blank" rel="noopener noreferrer">Cornerstone account</a>.</p>
      </div>
    </Step>

    <Step title="Navigate to API Management">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Navigate to <strong>Admin > Tools > Edge > API Management</strong>.</p>
      </div>
    </Step>

    <Step title="Register New Application">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>On the <strong>Manage Applications</strong> tab, click <strong>Register New Application</strong>.</p>
      </div>
    </Step>

    <Step title="Enter Application Details">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Provide the required application information.</p>

        <ul>
          <li><strong>Application Name</strong>: Enter a descriptive name (e.g., StackOne Integration)</li>
          <li><strong>User ID</strong>: Enter the User ID of an active user in your portal</li>
        </ul>
      </div>
    </Step>

    <Step title="Select Application Scopes">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the <strong>Scopes</strong> section, select the scopes you want to associate with your application. The following scopes are required for StackOne connector functionality.</p>

        <ul>
          <li>training:read</li>
          <li>training:create</li>
          <li>obj\_users\_core:read</li>
          <li>learningassignment:read</li>
          <li>transcript:read</li>
          <li>transcript:create</li>
          <li>transcript:create:assign</li>
          <li>transcript:update</li>
          <li>transcript:update:complete</li>
          <li>transcript:update:progress</li>
          <li>approval:read</li>
          <li>inbox:read</li>
          <li>task:read</li>
          <li>expressclass:create</li>
        </ul>
      </div>
    </Step>

    <Step title="Complete Registration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Register Application</strong> to complete the registration process.</p>
      </div>
    </Step>

    <Step title="Save your credentials securely">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>If the User ID is valid, you'll receive your Client ID and Client Secret. Store these credentials securely for use later.</p>

        <ul>
          <li>⚠️ The Client Secret will only be shown once and cannot be retrieved later. If lost, you'll need to regenerate it.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure User Permissions</h2>

  <p>Ensure the user associated with your OAuth application has the necessary permissions.</p>

  <Steps>
    <Step title="Navigate to User Management">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Navigate to <strong>Admin > Tools > Core Functions > Users</strong> and search for the user which is associated with the Application you created in the previous step.</p>
      </div>
    </Step>

    <Step title="Configure Permissions">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click on <strong>Options > Permissions</strong>. Ensure the following permissions are configured to either `There are no constraints available for this permission.` or `Restrict to User's Corporation.`</p>

        <ul>
          <li>Reporting API - Read only</li>
          <li>Transcript API - Request</li>
          <li>Transcript API - View</li>
          <li>Employee API - View</li>
          <li>Learning Assignment API - View</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Find Your Company Domain</h2>

  <p>Your Company Domain is the subdomain part of your Cornerstone URL.</p>

  <Steps>
    <Step title="Locate Domain in URL">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>When logged in to your Cornerstone account, look at the URL in your browser.</p>

        <ul>
          <li>Example: If your URL is `my-company.csod.com`, your domain is `my-company`</li>
          <li>Enter only the subdomain part (without `.csod.com`)</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Troubleshooting</h2>

  <p>Common issues and how to resolve them.</p>

  <Steps>
    <Step title="Error: 'Provided user does not have Rest services permissions and/or constraints to perform this operation'">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>This error message indicates that the API you are trying to access is not enabled in your Cornerstone portal. To resolve this error, follow these steps.</p>

        <ul>
          <li>Navigate to <strong>Admin > Tools > Edge > Integrations > Manage APIs</strong> within your Cornerstone portal.</li>
          <li>Ensure the toggles for <strong>Cornerstone API</strong> and <strong>Reporting API</strong> are turned on.</li>
          <li>If the toggles are already turned on, try turning them off and then back on again. This action resets the backend settings that control access to Cornerstone's APIs.</li>
          <li>After performing the above steps, if you still see the same error response, please log a case with Cornerstone Global Customer Support (GCS).</li>
        </ul>
      </div>
    </Step>

    <Step title="Error: 401 Unauthorized response when accessing the Reporting API">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>There are a few things you should check when you receive this response.</p>

        <ul>
          <li>Verify that the Reporting API is enabled for the environment that you are trying to pull data from. Navigate to <strong>Admin > Tools > Edge > API Management > Manage APIs</strong>. You should see the Reporting API enabled on this page.</li>
          <li><strong>If using OAuth 2.0</strong>: Ensure that the user account associated with your registered OAuth 2.0 application has the <strong>Reporting API - Read only</strong> permission.</li>
          <li><strong>If using OAuth 2.0</strong>: Ensure that your OAuth 2.0 application has the required scope to access the endpoint that you are trying to retrieve data from.</li>
          <li><strong>If using OAuth 2.0</strong>: Ensure that the OAuth 2.0 access token is still valid. Remember that OAuth 2.0 access tokens are valid for an hour by default, unless you set a different validity period for your application in the API Management page in Edge.</li>
          <li>After performing the above steps, if you still see an 'unauthorized access' error, please log a case with Cornerstone Global Customer Support (GCS).</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<div data-whitelabel-hide>
  <h2>Linking the Account from the Hub</h2>

  <Steps>
    <Step title="Navigate to the Hub">
      Use one of the three <a href="/guides/accounts-section#linking-accounts">Linking Account Methods</a> to access the Hub.
    </Step>

    <Step title="Fill out the fields">
      Fill out the following fields using details from your provider:

      <ul>
        <li><strong>Client ID</strong></li>
        <li><strong>Client Secret</strong></li>
        <li><strong>Company Domain</strong></li>
        <li><strong>Application Scopes</strong> (Optional)</li>
      </ul>
    </Step>

    <Step title="Connect">
      <ul>
        <li>Click <strong>Connect</strong></li>
        <li>If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider's authorization flow.</li>
        <li>Once authorization is successful, you will see a confirmation popup</li>
      </ul>
    </Step>
  </Steps>

  <p>If the account linking is successful, you will see the newly linked account in your <a href="/guides/accounts-section">Accounts</a> page.</p>
</div>
