Once installed IFS OData connector runs as a windows service. To configure the IFS OData connector,

• Open a browser window and navigate to the connector service log-in page. Log in with valid credentials.

• Click on the Configuration link and navigate to the configuration page.

• In the configuration click on the Add new option to create a new connector configuration.

General Information

• Name - name of the connector configuration.

• Service URI - service URI of the IFS Cloud installation. Please refer Obtaining end-point info from IFS Cloud for more info.

• IFS Version - IFS Cloud or IFS APP 10

• Break workflow on error - Decides if an IFS exception should result in workflow being stopped

Authentication Information

In the Auth tab, there are two more tabs named Design time and Runtime. Design time authentication is used when designing/developing a flow and runtime is used when running/executing the flow.

Design Time

Design time always uses non-interactive authentication against IFS Cloud. These credentials are used to get projection information only.

Client Credentials flow

• Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Client ID - Obtained from IFS IAM Client registration

• Client Secret - Obtained from IFS IAM Client registration

• Scope(s) - should be set to openid microprofile-jwt

Password Credentials Flow

• Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Username - end-user username

• Password - end-user password

• Client ID - Obtained from IFS IAM Client registration

• Client Secret - Obtained from IFS IAM Client registration

• Scope(s) - should be set to openid microprofile-jwt

Runtime

The runtime can use both interactive and non-interactive authentication against IFS Cloud. Also, there's an option to copy design time authentication as well. These credentials are used always when a machine task is executed by any client, including test bench in Flow Studio. There are options to override which credentials to use at runtime if the client is test bench, or if the user is a specific machine user. The purpose of the override is to either enable debugging workflows from Flow Studio or running scheduled workflows while using an interactive login for other clients. Without the override you need to create a separate connector configuration to cover those scenarios.

Authorization Code flow

This type of authentication requires user interaction. It can only be used in clients supporting interactive login, such as mobile clients and web client. It cannot be used when running workflow in test bench or as a machine workflow, i.e. a scheduled workflow.

• Auth URL - authorization endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Client ID - Obtained from IFS IAM Client registration

• Client Secret - Obtained from IFS IAM Client registration

• Scope(s) - should be set to openid microprofile-jwt

Client Credentials flow

• Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Client ID - Obtained from IFS IAM Client registration

• Client Secret - Obtained from IFS IAM Client registration

• Scope(s) - should be set to openid microprofile-jwt

Password Credentials Flow

• Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info

• Username - end-user username

• Password - end-user password

• Client ID - Obtained from IFS IAM Client registration

• Client Secret - Obtained from IFS IAM Client registration

• Scope(s) - should be set to openid microprofile-jwt

Open ID

Used in External IDP(single sign-on) scenario.