Authentication models

This chapter describes different options to configure authentication of flow apps (user/machine workflows) in OData Connector towards IFS Cloud.

Different authentication models

Each OData connector configuration has two authentication configuration, both mandatory:

Design time setup is used

when you develop flow in Studio (configure machine steps) and
OData connector uses it to expose projections from IFS, that can be used in flow apps.

Runtime setup is used when

user flow is executed in any flow clients or
executing machine workflows and
debugging user flow in Studio.

Each authentication are to be configured based on customer requirements and flow types. It is not very uncommon to have several OData connector configurations used by different kinds of workflows.

Available Authentication Flows

Client Credential flow

pageSetup Client credential flow

Password Credentials flow

🛠️pageSetup Password credentials flow

Basic authentication

This option shouldn’t be generally used towards IFS Cloud, even though exists in OData connector.

Authorization Code Flow

🛠️pageSetup Authorization code flow

OpenId flow

🛠️pageSetup OpenID flow

Summary of authentication flows

Below is a summary of main features of each authentication flow to consider when configuring OData configurations based on customer requirements and flow types developed.

Client Credentials

User and machine workflows

All clients

Design/Runtime

Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration

Only IFS IDP

One IFS Service User linked to IFS IAM Client

No possibility to log into Aurena with service user

Password Credentials

User and machine workflows

All clients

Design/Runtime