# Authentication models

Authentication is setup on configuration level in the oData connector admin interface.

<figure><img src="/files/JPj6REYEe4Aa13cZWycX" alt=""><figcaption><p>Auth tab in the oData connector admins page</p></figcaption></figure>

## Different authentication models&#x20;

Each OData connector configuration has **three** authentication configuration categories, **Design time** and **Runtime** are mandatory.

**Design time** is used:

* During workflow design in Flow Studio, setting up machine steps and exploring projections

**Runtime** is used:

* During execution of user flows by any of the clients (mobile/web)
* Executing machine workflows&#x20;
* Running flows in Testbench&#x20;

{% hint style="info" %}
Each authentication configuration should be tailored to meet specific customer requirements and flow types. It is common to have multiple oData connector configurations within a solution for the different scenarios.
{% endhint %}

## Authentication flow type overview

### **Client Credential flow**

<figure><img src="/files/irIg8FSTlQyraR8g8U67" alt=""><figcaption></figcaption></figure>

{% content-ref url="/pages/xhi56fcAkJxmvSqZTBI1" %}
[Setup Client credential flow](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-client-credential-flow.md)
{% endcontent-ref %}

### **Password Credentials flow**

<figure><img src="/files/VumdE4OkQ5JG0JxC9CAa" alt=""><figcaption></figcaption></figure>

{% content-ref url="/pages/QpDQv8LcruTU8S90OAEU" %}
[Setup Password credentials flow](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-password-credentials-flow.md)
{% endcontent-ref %}

### **Basic authentication**

Basic Authentication is not recommended for use with IFS Cloud as it is considered insecure and is disabled by default. But it's still supported by the oData connector.&#x20;

### **Authorization Code Flow**

<figure><img src="/files/qdXvgIbvSo4TIjdwZABr" alt=""><figcaption></figcaption></figure>

{% content-ref url="/pages/AkodiAd6mo0l6fn5Upy0" %}
[Setup Authorization code flow](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-authorization-code-flow.md)
{% endcontent-ref %}

### **OpenId flow**

<figure><img src="/files/O0kG3aEk6wU3iQOhWpLZ" alt=""><figcaption></figcaption></figure>

{% content-ref url="/pages/Wdagh5sspCTGYgXC2Sqj" %}
[Setup OpenID flow](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-openid-flow.md)
{% endcontent-ref %}

## Summary of authentication flows

Below is a summary of main features of each authentication flow to consider when configuring OData configurations based on customer requirements and flow types developed.

<table data-card-size="large" data-view="cards"><thead><tr><th>Authentication type</th><th>Applicable Flow app types</th><th>Flow clients</th><th>Available for OData auth. type</th><th>Options for flow user to authenticate to flow server</th><th>User authentication IDP</th><th>Flow User Authenticated in IFS</th><th>Remarks</th></tr></thead><tbody><tr><td><strong>Client Credentials</strong></td><td>User and machine workflows</td><td>All clients</td><td>Design/Runtime</td><td>Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration</td><td>Only IFS IDP</td><td>One IFS Service User linked to IFS IAM Client</td><td>No possibility to log into Aurena with service user</td></tr><tr><td><strong>Password Credentials</strong></td><td>User and machine workflows</td><td>All clients</td><td>Design/Runtime</td><td>FPw in Flow Server/Ext. IDP in Flow Server OpenId configuration</td><td>Only IFS IDP</td><td>Flow user</td><td>Flow user, connector level setup could contain users IFS user Id</td></tr><tr><td><strong>Authorization Code</strong></td><td>User workflows</td><td>Only mobile clients</td><td>Runtime</td><td>Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration</td><td>IFS/External IDP</td><td>Flow user</td><td>Usable when flow is connecting to different systems of which all require their own authentication, IFS being one of them</td></tr><tr><td><strong>OpenId</strong></td><td>User workflows</td><td>All clients</td><td>Runtime</td><td>IFS IDP setup in Flow Server OpenId configuration</td><td>IFS/External IDP</td><td>Flow user</td><td>Web client and Portal2 requires separate API Manager to be purchased/configured by customer</td></tr></tbody></table>

Flow documentation about authentication

{% embed url="<https://help.novacuraflow.com/connectors/areas/business-systems/ifs-applications/ifs-odata/authentication-in-ifs-cloud>" %}

{% embed url="<https://help.novacuraflow.com/connectors/areas/business-systems/ifs-applications/ifs-odata/configuring-ifs-odata-connector>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.