Authentication models
This chapter describes different options to configure authentication of flow apps (user/machine workflows) in OData Connector towards IFS Cloud.
Different authentication models
Each OData connector configuration has two authentication configurations, both mandatory:
Design time setup is used when you develop a flow in Studio (configure machine steps). The OData connector also uses it to expose projections from IFS that can be used in flow apps.
Runtime setup is used when a user flow is executed in any flow client, when machine workflows are executed, and when debugging a user flow in Studio.
Each authentication is to be configured based on customer requirements and flow types. It is not uncommon to have several OData connector configurations used by different kinds of workflows.
Available Authentication Flows
Client Credential flow
Password Credentials flow
Basic authentication
This option generally should not be used towards IFS Cloud, even though it exists in the OData connector.
Authorization Code Flow
OpenId flow
Summary of authentication flows
Below is a summary of main features of each authentication flow to consider when configuring OData configurations based on customer requirements and flow types developed.
Client Credentials | User and machine workflows | All clients | Design/Runtime | Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration | Only IFS IDP | One IFS Service User linked to IFS IAM Client | No possibility to log into Aurena with service user
Password Credentials | User and machine workflows | All clients | Design/Runtime | Flow Server will ask users for connector level credentials | Only IFS IDP | Flow user | Flow user, connector level setup could contain the user's IFS user Id
Authorization Code | User workflows | Only mobile clients | Runtime | Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration | IFS/External IDP | Flow user | Usable when flow is connecting to different systems of which all require their own authentication, IFS being one of them
OpenId | User workflows | All clients | Runtime | IFS IDP setup in Flow Server OpenId configuration | IFS/External IDP | Flow user | Web client and Portal2 require a separate API Manager to be purchased/configured by the customer
Flow documentation about authentication