# Authentication models Authentication is setup on configuration level in the oData connector admin interface.

Auth tab in the oData connector admins page

## Different authentication models Each OData connector configuration has **three** authentication configuration categories, **Design time** and **Runtime** are mandatory. **Design time** is used: * During workflow design in Flow Studio, setting up machine steps and exploring projections **Runtime** is used: * During execution of user flows by any of the clients (mobile/web) * Executing machine workflows * Running flows in Testbench {% hint style="info" %} Each authentication configuration should be tailored to meet specific customer requirements and flow types. It is common to have multiple oData connector configurations within a solution for the different scenarios. {% endhint %} ## Authentication flow type overview ### **Client Credential flow**

{% content-ref url="authentication-models/setup-client-credential-flow" %} [setup-client-credential-flow](https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-client-credential-flow) {% endcontent-ref %} ### **Password Credentials flow**

{% content-ref url="authentication-models/setup-password-credentials-flow" %} [setup-password-credentials-flow](https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-password-credentials-flow) {% endcontent-ref %} ### **Basic authentication** Basic Authentication is not recommended for use with IFS Cloud as it is considered insecure and is disabled by default. But it's still supported by the oData connector. ### **Authorization Code Flow**

{% content-ref url="authentication-models/setup-authorization-code-flow" %} [setup-authorization-code-flow](https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-authorization-code-flow) {% endcontent-ref %} ### **OpenId flow**

{% content-ref url="authentication-models/setup-openid-flow" %} [setup-openid-flow](https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-openid-flow) {% endcontent-ref %} ## Summary of authentication flows Below is a summary of main features of each authentication flow to consider when configuring OData configurations based on customer requirements and flow types developed.

Authentication type	Applicable Flow app types	Flow clients	Available for OData auth. type	Options for flow user to authenticate to flow server	User authentication IDP	Flow User Authenticated in IFS	Remarks
Client Credentials	User and machine workflows	All clients	Design/Runtime	Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration	Only IFS IDP	One IFS Service User linked to IFS IAM Client	No possibility to log into Aurena with service user
Password Credentials	User and machine workflows	All clients	Design/Runtime	FPw in Flow Server/Ext. IDP in Flow Server OpenId configuration	Only IFS IDP	Flow user	Flow user, connector level setup could contain users IFS user Id
Authorization Code	User workflows	Only mobile clients	Runtime	Pw in Flow Server/Ext. IDP in Flow Server OpenId configuration	IFS/External IDP	Flow user	Usable when flow is connecting to different systems of which all require their own authentication, IFS being one of them
OpenId	User workflows	All clients	Runtime	IFS IDP setup in Flow Server OpenId configuration	IFS/External IDP	Flow user	Web client and Portal2 requires separate API Manager to be purchased/configured by customer

Flow documentation about authentication {% embed url="" %} {% embed url="" %}