Restricted Binding functionality in case Bearer Authorization [New in Security Center 7.0]

Release version: Australia

Updated March 12, 2026

1 minute to read

Use a system property and restricted binding to ensure that an access token generated using that entity can’t be used for UI calls.

Use the glide.oauth.enforce_restricted_binding_for_ui system property and enable restricted binding for an OAuth entity to prevent the access tokens generated by that entity from being used for UI calls (For example, incident_list.do).

When restricted binding is turned off, the access token generated can be used for UI calls regardless of the value of the system property.

Ensure that glide.oauth.enforce_restricted_binding_for_ui is set to true and Enforce Token Restrictions is set to true in all OAuth entity entries. For details on OAuth entity entries, see OAuth Inbound.

More information


Attribute	Description
Configuration name	glide.oauth.enforce_restricted_binding_for_ui
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	false
Fallback value	false
Category	Architecture, design, and threat modeling
Security risk	Severity score: 5.0 CVSS score: Medium Security risk details: When the glide.oauth.enforce_restricted_binding_for_ui system property isn’t set to true or restricted binding is turned off, then a user with the access token to access an API (for example, mobile API) can get a session issued and use it to access other restricted resources on the instance (for example, `incident_list.do`).
Dependencies and prerequisites	None