This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
You are unable to access Odata API with an AAD account and a 401 Unauthorized error message appears.
In this case we had two security labels AAD & K2SQL. The K2SQL
label was set to default in the HostServer.SecurityLabel table in the K2 Database
and Basic authentication
was enabled on the OData API
To resolve this please do the following:
1. Disable Basic Authentication for the Odata in the IIS:
2. In the Odata APIs web config \K2\WebServices\API\SmartObjectService.OData\web.config , add the DefaultSecurityLabel key to it pointing to AAD:
<add key="DefaultSecurityLabel" value="AAD" />
3. Setup AAD consent as described here: