Authentication models

This chapter describes the different authentication options between oData Flows and IFS Cloud.

Authentication is set up at the configuration level in the oData connector admin interface.

Auth tab in the oData connector admin page

Different authentication models

Each OData connector configuration has three authentication configuration categories; Design time and Runtime are mandatory.

Design time is used:

  • During workflow design in Flow Studio, setting up machine steps and exploring projections

Runtime is used:

  • During execution of user flows by any of the clients (mobile/web)

  • Executing machine workflows

  • Running flows in Testbench

Each authentication configuration should be tailored to meet specific customer requirements and flow types. It is common to have multiple oData connector configurations within a solution for the different scenarios.

Authentication flow type overview

Client Credential flow

Setup Client credential flow

Password Credentials flow

🛠️Setup Password credentials flow

Basic authentication

Basic Authentication is not recommended for use with IFS Cloud: it is considered insecure and is disabled by default. It is still supported by the oData connector.

Authorization Code Flow

🛠️Setup Authorization code flow

OpenId flow

🛠️Setup OpenID flow

Summary of authentication flows

Below is a summary of the main features of each authentication flow to consider when configuring OData configurations, based on customer requirements and the flow types developed.

Authentication type: Client Credentials

  • Applicable Flow app types: User and machine workflows

  • Flow clients: All clients

  • Available for OData auth. type: Design/Runtime

  • Options for flow user to authenticate to flow server: Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration

  • User authentication IDP: Only IFS IDP

  • Flow User Authenticated in IFS: One IFS Service User linked to IFS IAM Client

  • Remarks: No possibility to log into Aurena with service user

Authentication type: Password Credentials

  • Applicable Flow app types: User and machine workflows

  • Flow clients: All clients

  • Available for OData auth. type: Design/Runtime

  • Options for flow user to authenticate to flow server: FPw in Flow Server/Ext. IDP in Flow Server OpenId configuration

  • User authentication IDP: Only IFS IDP

  • Flow User Authenticated in IFS: Flow user

  • Remarks: Flow user, connector level setup could contain user's IFS user Id

Authentication type: Authorization Code

  • Applicable Flow app types: User workflows

  • Flow clients: Only mobile clients

  • Available for OData auth. type: Runtime

  • Options for flow user to authenticate to flow server: Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration

  • User authentication IDP: IFS/External IDP

  • Flow User Authenticated in IFS: Flow user

  • Remarks: Usable when flow is connecting to different systems of which all require their own authentication, IFS being one of them

Authentication type: OpenId

  • Applicable Flow app types: User workflows

  • Flow clients: All clients

  • Available for OData auth. type: Runtime

  • Options for flow user to authenticate to flow server: IFS IDP setup in Flow Server OpenId configuration

  • User authentication IDP: IFS/External IDP

  • Flow User Authenticated in IFS: Flow user

  • Remarks: Web client and Portal2 require separate API Manager to be purchased/configured by customer

Flow documentation about authentication
