# WorkflowGen CLI ## Interactive mode ### Create a new native application 1. In your Okta developer portal, go to the **Applications** item under the **Applications** menu, then click **Create App Integration**.
2. Select the **OIDC - OpenID Connect** sign-in method, select **Native Application** as the application type, then click **Next**.\ \ ![](https://content.gitbook.com/content/2sHxsrPmYoHfTyABKAbS/blobs/9LjTZOTIdXWLzsrx4u4N/image.png)
3. Enter the following information: * **Name:** `WorkflowGen CLI` * **Grant type:** Check `Authorization Code` and `Refresh token` * **Sign-in redirect URIs:** Define the URL as `http://127.0.0.1:8888/callback`
✏️ **Note:** Port `8888` is defined by default; you can change it if it's already in use on your computer. * **Sign-out redirect URIs:** Don't define a URL. Clear the field if there's a default value. * **Controlled access**: Check `Allow everyone in your organization to access` \ ![](https://content.gitbook.com/content/2sHxsrPmYoHfTyABKAbS/blobs/UrOruswwIGb31Bf7z2pE/image.png)\ \ ![](https://content.gitbook.com/content/2sHxsrPmYoHfTyABKAbS/blobs/tyreVmFphfhIYhE9JiwX/image.png)
4. Click the **Save** button. ### Review the registration If you've configured delegated authentication to Okta on your WorkflowGen server, you should have an access policy on your Okta authorization server from the WorkflowGen GraphQL API that will allow all configured users to access it; there's nothing left to do on the Okta side. Here's a summary of the information you'll need: * A `client ID`, which can be found on the **General** tab on the WorkflowGen CLI native application's page. * A `metadata endpoint`, which consists of the value of **Metadata URI** property from the **Settings** tab of your WorkflowGen GraphQL API authorization server with `/.well-known/oauth-authorization-server` replaced by `/.well-known/openid-configuration`. {% hint style="success" %} All of this information must be given to users who will be using the WorkflowGen CLI. {% endhint %} ## Non-interactive mode The configuration of non-interactive mode is the same as in the [Okta configuration for server-side scripts](https://docs.workflowgen.com/tech/10.0/okta-integration/server-side-scripts) section. Here's a review of the information of the information you'll need: * A `client ID`, which can be found on the registered application's parameters tab. * A `client secret`, which can be found on the registered application's parameters tab. * The `domain`, which can be found on the registered application's parameters tab. {% hint style="success" %} You can now use the WorkflowGen CLI in `Client credentials` mode. {% endhint %}