search

🛠️Setup OpenID flow

hashtag
Setup OData connector configuration

Select OpenId as Runtime authentication.

hashtag
Flow Server OpenId configuration

hashtag
Create IFS IAM Client

Create IAM Client with same setup as in example below.

circle-info

Name IAM client so that it can be identified as being used by Flow. Also adding postfix describing authentication type would be a good idea.

Example name: NC_Flow_OpenId or Novacura_OpenId

Example IAM client for supporting OpenId
circle-info

Use same name for same type of IAM client in all customers IFS Cloud instances.

hashtag
Setup OpenId in Flow Server

Add Authority URL and ClientId based on IFS Cloud info.

All the rest configurations can set as in example below.

Example OpenId configuration in Flow Server

hashtag
AuthorityURL

Get Issuer URL value from IFS Cloud.

Obtaining Authentication related URLs from IFS Cloudchevron-right

hashtag
ClientId

Add previously created IAM Client Id.

hashtag
IFS User and Flow Server User Setup

Flow User ID must be same as IFS Users Directory Id

IFS User setup
Same user in flow server
circle-info

If users are synchronized to Flow Server from Azure AD, follow instructions

https://help.novacuraflow.com/development/flow-studio/environment/active-directory-syncarrow-up-right

OPEN ISSUE: If synchronization is set up, is there any effect in having "Use sync source for authentication" checked which is automatically set up during synchronization???

hashtag
WIP - Effect to Flow development

Flow apps using connector with Runtime authentication type OpenId authentication cannot be debugged in Studio.

For flow developer this means that prior debugging connector in flow must be changes to connector using Runtime authentication type of Client Credentials or Password Credentials. Alternatively, if flow has a lot of fragments and changing the connectors in all fragments takes a lot of time you can have copy of the flow (+ fragments) using connector using Runtime authentication type of Client Credentials or Password Credentials.

Notice that possible to have connector using Password Credentials requies that IFS User has password defined in IFS and SSO login is disabled.

If flow uses projections that require authentication as actual user in IFS, then debugging can only be done by running tests in NC client.

PreviousSetup Authorization code flowNextObtaining Authentication related URLs from IFS Cloud

Last updated

Was this helpful?