🛠️Setup OpenID flow
Setup OData connector configuration
Select OpenId as Runtime authentication.
Flow Server OpenId configuration
Create IFS IAM Client
Create IAM Client with same setup as in example below.
Name IAM client so that it can be identified as being used by Flow. Also adding postfix describing authentication type would be a good idea.
Example name: NC_Flow_OpenId or Novacura_OpenId
Use same name for same type of IAM client in all customers IFS Cloud instances.
Setup OpenId in Flow Server
Add Authority URL and ClientId based on IFS Cloud info.
All the rest configurations can set as in example below.
AuthorityURL
Get Issuer URL value from IFS Cloud.
ClientId
Add previously created IAM Client Id.
IFS User and Flow Server User Setup
Flow User ID must be same as IFS Users Directory Id
If users are synchronized to Flow Server from Azure AD, follow instructions
https://help.novacuraflow.com/development/flow-studio/environment/active-directory-sync
OPEN ISSUE: If synchronization is set up, is there any effect in having "Use sync source for authentication" checked which is automatically set up during synchronization???
WIP - Effect to Flow development
Flow apps using connector with Runtime authentication type OpenId authentication cannot be debugged in Studio.
For flow developer this means that prior debugging connector in flow must be changes to connector using Runtime authentication type of Client Credentials or Password Credentials. Alternatively, if flow has a lot of fragments and changing the connectors in all fragments takes a lot of time you can have copy of the flow (+ fragments) using connector using Runtime authentication type of Client Credentials or Password Credentials.
Notice that possible to have connector using Password Credentials requies that IFS User has password defined in IFS and SSO login is disabled.
If flow uses projections that require authentication as actual user in IFS, then debugging can only be done by running tests in NC client.
Last updated
