search

Setup Client credential flow

hashtag
Setup overview in OData connector configuration

See Setup for obtaining required in information before configuring authentication.

circle-info

Design time configuration is recommended to configure using with Client Credential model.

circle-info

Prepare IFS setup first and collect all information ready before configuring Client Credentials. Also when configuring, add fields in order from top to bottom.

Example Client Credential setup

hashtag
Setup

hashtag
Access Token URL

Get Access token URL value from IFS Cloud.

Obtaining Authentication related URLs from IFS Cloudchevron-right

hashtag
Client ID and Client Secret

Create one IFS service user and link it to new IAM Client.

Create IFS service user

Create IFS user type of Service User.

circle-info

One cannot log into Aurena with IFS user type of service user.

circle-info

It could be good idea to have novaura/nc and flow in the IFS user name?

IFS Service user permissions

Minimum privileges in that service user needs are

  • CONNECT system privilege

  • ProjectionExplorer projection

This enables the OData Connector to get projection list from IFS.

If Client Credentials authentication is used in Runtime setup (debugging in Studio or for integrations for example), service user must be granted

  • all projections required by flows

  • company and site setup to enable data visibility etc.

Create IFS IAM Client

Create IAM client like in example and link it to IFS service user.

circle-info

Name IAM client so that it can be identified as being used by Flow. Also adding postfix describing authentication type would be a good idea.

Example name: NC_Flow_ClientCredentials, Novacura_ClientCredentials

circle-info

Use same name for same type of IAM client in all customers IFS Cloud instances.

From saved IAM client, copy

  • Client ID (character size matters, NC_FlowClientCred is not the same as NC_FLOWCLIENTCRED) to OData connectors Client ID and

  • generated Secret to OData connectors Client Secret.

hashtag
Scope(s)

Set default value of openid microprofile-jwt to OData connectors Scope(s).

hashtag
Flow Server User Setup

Flow User setup has no link to IFS user so there are no special requirements for flow user setup.

PreviousAuthentication modelsNextSetup Password credentials flow

Last updated

Was this helpful?