Setup Client credential flow
Last updated
Last updated
See Setup for obtaining required in information before configuring authentication.
Design time configuration is recommended to configure using with Client Credential model.
Prepare IFS setup first and collect all information ready before configuring Client Credentials. Also when configuring, add fields in order from top to bottom.
Get Access token URL value from IFS Cloud.
Create one IFS service user and link it to new IAM Client.
Create IFS service user
Create IFS user type of Service User.
One cannot log into Aurena with IFS user type of service user.
It could be good idea to have novaura/nc and flow in the IFS user name?
IFS Service user permissions
Minimum privileges in that service user needs are
CONNECT system privilege
ProjectionExplorer projection
This enables the OData Connector to get projection list from IFS.
If Client Credentials authentication is used in Runtime setup (debugging in Studio or for integrations for example), service user must be granted
all projections required by flows
company and site setup to enable data visibility etc.
Create IFS IAM Client
Create IAM client like in example and link it to IFS service user.
Name IAM client so that it can be identified as being used by Flow. Also adding postfix describing authentication type would be a good idea.
Example name: NC_Flow_ClientCredentials, Novacura_ClientCredentials
Use same name for same type of IAM client in all customers IFS Cloud instances.
From saved IAM client, copy
Client ID (character size matters, NC_FlowClientCred is not the same as NC_FLOWCLIENTCRED) to OData connectors Client ID and
generated Secret to OData connectors Client Secret.
Set default value of openid microprofile-jwt to OData connectors Scope(s).
Flow User setup has no link to IFS user so there are no special requirements for flow user setup.