About Connected Apps for the AI Marketing Compliance Browser Extension

Modified on Thu, 14 May at 8:59 PM

A Connected App lets the IntelligenceBank AI Marketing Compliance browser extension pull content directly from a supported third-party application, so you can run a compliance, legal, and brand review without leaving your browser. This article covers the apps currently supported, how authentication works for each, what the customer needs to provide, and any feature restrictions to be aware of.

Table of Contents

What Connected Apps Are
Supported Apps
Connecting an App
Per-App Configuration
Feature Support Across Connected Apps
Need Help?

What Connected Apps Are

When you browse to a page in a supported third-party app, the extension recognises the URL, identifies the relevant entity (a task, a board item, a record, a design, a page), and offers the content attached to it as something you can review. This means a reviewer can stay inside Workfront, monday.com, Asana, Adobe Experience Manager, Canva, or ServiceNow and trigger a Risk Review on the document, attachment, or page they're looking at - without uploading files manually.

Each Connected App is enabled separately. Availability is controlled by your IntelligenceBank Site, and an administrator may need to set up authentication for some apps before users can connect.

Supported Apps

App	Content reviewed	Authentication	What the customer provides
Adobe Workfront	Document files attached to Projects and Tasks.	User OAuth - client level	A dedicated Workfront OAuth app: Client ID, Client Secret, and Instance URL are to be provided to IntelligenceBank for configuration.
monday.com	Files attached to Boards and Items.	User OAuth - shared (IntelligenceBank-supplied app)	A one-time install of the IntelligenceBank OAuth app on your monday.com workspace. See the monday.com notes below for the authorization URL.
Asana	Attachment files on Projects and Tasks.	User OAuth - shared (IntelligenceBank-supplied app)	Nothing - each user authorizes IntelligenceBank when they connect.
Adobe Experience Manager	Site Pages (text copy) and Content Fragments (text copy).	User OAuth - client level	A dedicated Adobe IMS OAuth app for AEM: Client ID, Client Secret, and Instance URL are to be provided to IntelligenceBank for configuration..
Canva	The currently open design, exported automatically as a PDF.	User OAuth - client level	A dedicated Canva OAuth Integration: Client ID and Client Secret are to be provided to IntelligenceBank for configuration..
ServiceNow	Attachment files on records.	User OAuth - client level	A dedicated ServiceNow OAuth app: Client ID, Client Secret, and Instance URL are to be provided to IntelligenceBank for configuration..

Authentication types: Shared means every IntelligenceBank customer uses the same OAuth application that IntelligenceBank operates - each end user simply authorizes it the first time. Client level means your organization creates and operates its own OAuth application in the third-party tool and provides its Client ID, Client Secret, and Instance URL to IntelligenceBank.

Connecting an App

Open the extension side panel and go to Connected Apps. Apps your IntelligenceBank Site has enabled appear in the Available section; apps that are not enabled appear under Add-ons with a Request Access button.
Click Connect on the app you want to set up. A browser tab opens for authentication on the third-party app.
Authorize IntelligenceBank and return to the extension. The app status changes to Connected.
Browse to a page in that app (for example, a Workfront task or a monday.com item). The extension automatically detects the page and surfaces the content available to review.

Tip: For client-level apps (Workfront, AEM, Canva, ServiceNow), your IntelligenceBank Customer Success Manager must first configure the OAuth credentials (and Instance URL where required) provided by your organization. End users then click Connect and authorize against your organization's own OAuth app. The per-app sections below list the exact steps an OAuth admin in the third-party tool should follow.

Per-App Configuration

Adobe Workfront

Reviews are run against document files attached to a Workfront Project or Task. Your organization needs to create a dedicated Workfront OAuth application and provide its Client ID, Client Secret, and Instance URL to IntelligenceBank for configuration.

Admin setup - to be performed by a Workfront administrator.

1Open OAuth Applications	In Workfront, navigate to Setup > System > OAuth Applications.
2Create the Application	Create a new OAuth2 application and select Web Application. Configure the remaining settings to suit your environment.
3Set Redirect URLs	Add the IntelligenceBank gateway callback URL: `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/prod/oauth/callback`. You can optionally also add `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/dev/oauth/callback` - useful if IntelligenceBank needs to test a staged fix before rolling it out to production.
4Generate Client Secret	Generate the Client Secret and copy it together with the Client ID.
5Share with IntelligenceBank	Provide the Client ID, Client Secret, and your Workfront instance URL to your IntelligenceBank Customer Success Manager.

monday.com

Reviews are run against files attached to a Board or Item. monday.com uses the shared IntelligenceBank OAuth app - there are no client-level credentials to configure. A workspace administrator does need to authorize the IntelligenceBank app on the target workspace once before end users can connect from the extension.

Admin setup - to be performed by a monday.com administrator.

1Open the Authorization URL	Signed in as a monday.com admin on the workspace you want to enable, open: `https://auth.monday.com/oauth2/authorize?client_id=0bf878428ed35fc6bd507ce8bf3fa248&response_type=install`
2Approve the Install	Review the permissions the IntelligenceBank app requests and approve the install. Once complete, individual users on that workspace can connect from the extension - no credentials need to be shared with IntelligenceBank.

Asana

Reviews are run against attachment files on Projects and Tasks. Asana uses the shared IntelligenceBank OAuth app, with no admin install or client-side configuration needed - each user authorizes IntelligenceBank when they connect.

Adobe Experience Manager

Reviews extract the text copy of an AEM Site Page or Content Fragment and submit it as a text review. Setup is in two parts: (1) create a dedicated Adobe IMS OAuth application in the Adobe Developer Console, and (2) allowlist that application's Client ID inside each AEM environment by deploying an api.yaml configuration file via Cloud Manager. The Client ID, Client Secret, and one or more AEM instance URLs are then provided to IntelligenceBank for configuration.

Admin setup - steps 1 to 6 are performed in the Adobe Developer Console, steps 7 and 8 in Cloud Manager.

1Create a Project	In the Adobe Developer Console, create a new Project.
2Add the API	Choose Add an API and select AEM CS Sites Content Management.
3Configure Authentication	Select User Authentication as the authentication type, then choose OAuth Web App.
4Set Redirect URI and Pattern	Set the Default Redirect URI to `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/prod/oauth/callback`. For the Redirect URI pattern, use `https://xc0h6q3mc5\.execute-api\.us-west-1\.amazonaws\.com/(dev\|prod)/oauth/callback` if you also want the dev gateway to be allowed (useful when IntelligenceBank needs to test a staged fix); otherwise use the prod URI as the pattern.
5Save the Configuration	Save the configured API.
6Copy Credentials	Open the generated Connected Credentials and copy the Client ID and Client Secret.
7Allowlist the Client ID (Cloud Manager)	In Cloud Manager, open your AEM project's code repository and create (or edit) `config/api.yaml`using the Client ID from step 6: kind: "API" version: "1.0" metadata: envTypes: ["dev", "stage", "prod"] data: allowedClientIDs: author: - "<Client ID from step 6>" Commit and push to the `main` branch.
8Deploy the allowlist to each environment	Each AEM environment maintains its own allowlist. A pipeline that deploys `config/api.yaml` must run successfully against every environment you want the extension to reach. Either a dedicated Config Pipeline (Deployed code = Configuration) or a Full Stack pipeline works - both deploy the file. See Adobe's Config Pipeline documentation for the current Cloud Manager flow.
9Share with IntelligenceBank	Provide the Client ID, Client Secret, and your AEM instance URL(s) (for example `https://author-p181831-e1910501.adobeaemcloud.com/`) to your IntelligenceBank Customer Success Manager. Up to three instance URLs can be registered - typically one each for dev, staging, and production. Make sure step 8 has been completed for every URL you submit.

Important: Step 8 must succeed for every environment you intend to connect. If an environment is left out, API calls from the extension to that environment will be rejected with 403 Forbidden at the Adobe CDN even though the OAuth sign-in itself succeeds - the symptom in the extension is an "Authentication failed: 403" error that does not resolve on reconnect.

Tip: If you're not sure what your AEM instance URLs are, sign in to my.cloudmanager.adobe.com, open the Program, and read the URLs from the environments you want to connect.

Restriction: AEM reviews are text-only, so Send to IntelligenceBank and Download PDF are not available for these reviews. Detected risks are visible in the side panel and can be dismissed; for a file-based record in IntelligenceBank, run a file review against an asset stored in AEM's DAM instead.

Canva

Reviews are run against the design you currently have open in Canva. The extension automatically asks Canva to export the design as a PDF and submits that file for review. Your organization needs to create a dedicated Canva OAuth Integration and provide its Client ID and Client Secret to IntelligenceBank for configuration.

Admin setup - to be performed by a Canva administrator with access to your account's Developers portal.

1Open the Developers Portal	Navigate to https://www.canva.com/developers/integrations/.
2Create a New Integration	Create a new integration. If your team is on Canva Enterprise, select Private. On any other plan, select Public, but leave the integration as Draft - do not submit it for review at any point.
3Set Redirect URLs	Add the IntelligenceBank gateway callback URL: `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/prod/oauth/callback`. You can optionally also add `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/dev/oauth/callback` - useful if IntelligenceBank needs to test a staged fix before rolling it out to production.
4Add Required Scopes	Add the following scopes: `design:content:read`, `design:meta:read`, `profile:read`, `comment:write`. Configure the remaining settings to suit your environment.
5Generate Client Secret	Generate the Client Secret and copy it together with the Client ID.
6Share with IntelligenceBank	Provide the Client ID and Client Secret to your IntelligenceBank Customer Success Manager.

ServiceNow

Reviews are run against attachment files on a ServiceNow record. Your organization needs to create a dedicated ServiceNow OAuth application and provide its Client ID, Client Secret, and Instance URL to IntelligenceBank for configuration.

Admin setup - to be performed by a ServiceNow administrator.

1Open Application Registry	In ServiceNow, navigate to System OAuth > Application Registry.
2Create the Integration	Select New, then New Inbound Integration, then New Integration, and choose OAuth - Authorization code grant.
3Set Redirect URLs	Add the IntelligenceBank gateway callback URL: `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/prod/oauth/callback`. You can optionally also add `https://xc0h6q3mc5.execute-api.us-west-1.amazonaws.com/dev/oauth/callback` - useful if IntelligenceBank needs to test a staged fix before rolling it out to production.
4Keep Public Unchecked	Leave the Public flag unchecked - this integration must remain confidential.
5Configure Auth Scope	In the Auth scope section, add `useraccount` as a configured scope. This is the scope IntelligenceBank requests when starting OAuth, and it lets the integration act on whatever records the signed-in ServiceNow user can already access - downloads of attachments are still subject to that user's normal ACLs. If Allow access only to APIs in selected scope is enabled on your instance, the OAuth handshake will fail unless `useraccount` is listed here.
6Save and Copy Credentials	Save the registry entry, then open it and copy the generated Client ID and Client Secret.
7Share with IntelligenceBank	Provide the Client ID, Client Secret, and your ServiceNow instance URL to your IntelligenceBank Customer Success Manager.

Feature Support Across Connected Apps

App	Review type	Send to IntelligenceBank	Download PDF	Show on Page
Adobe Workfront	File	Yes	Yes	No
monday.com	File	Yes	Yes	No
Asana	File	Yes	Yes	No
Adobe Experience Manager	Text	No (text reviews)	No (text reviews)	No
Canva	File (PDF)	Yes	Yes	No
ServiceNow	File	Yes	Yes	No

Need Help?

If a Connected App appears under Add-ons rather than Available - contact IntelligenceBank to have it enabled. For client-level apps (Workfront, AEM, ServiceNow...), IntelligenceBank will also need your organization's OAuth credentials as per the steps outlined before the connector can be used. For all extension related inquiries that need our team, you can submit a ticket.

Get Started

Install from the Chrome Web Store