IAM Clients¶
IAM Clients are entities that can request authentication. They request an access token so they can invoke other services on behalf of the authenticated user. IFS supports only OpenID Connect clients.
There are two types of IAM Clients:
IFS Client - Delivered by IFS to perform a specific authentication need. We recommend not to change these clients as these can be changed along with IFS Release updates.
Custom Clients - Clients created by customers will be set as Custom Clients.
IFS Clients¶
| Client Name | Description | Based On Component | Public Client | Service Account | Direct Access Grants |
|---|---|---|---|---|---|
IFS_aurena | The main IFS Cloud Web Client | * | No | Yes | |
IFS_aurena_native | The Client to handle IFS Mobile Application Authentication. | fndmob | Yes | True | |
IFS_aurena_native_services | The Client to handle authorized connection between mobile IFS Mobile Containers. | fndmob | False | service-account-ifs_aurena_native_services | False |
IFS_boomi | Client which customers can use to connect to IFS Cloud from Boomi Platform. This has offline access enabled to have a very large token expiry. | * | False | ifsboomi | True |
IFS_cbs_native | This client used to authenticate Advanced Planning Board (APB) | cbs | True | False | |
IFS_ce | Client which can be used to allow IFS CE to call IFS Cloud projections using an integration account. Using this approach means that all IFS CE interactions will be recorded against the integration account. | * | True | True | |
IFS_ce_sso | Client which can be used to allow IFS CE to call IFS Cloud projections as the logged in user. This allows full user ownership of all records. | * | False | False | |
IFS_connect | Client which can be used to call IFS Connect HTTP/S gateway. Also this is the client used by ifsapp-connect to call ifsapp-odata projections internally. | False | ifsconnect | True | |
IFS_reporting | This is the client used by ifsapp-reporting-web-designer-ren, ifsapp-reporting-web-transformer and ifsapp-reporting-web-runtime-ren to call ifsapp-odata projections internally. | False | ifswebreport | True | |
IFS_criterion | The Client to handle payroll integration services between IFS Cloud and Criterion Payroll Provider. | payint | False | ifs_criterion | True |
IFS_dss | The Client to handle IFS Signing Service Authentication. | fnddss | False | True | |
IFS_dss_native | The Client to handle IFS Signing Service Authentication in the native application. | fnddss | False | True | |
IFS_sync | The Client which used to send Datasync HTTP requests between two IFS instances. | False | ifssync | True | |
IFS_filestorage | The Client that is used to communicate with the Virus Scanner container. | False | False | ||
IFS_docman_esign | Used from the ifsapp-docman-esign container when it needs to access the IFS Cloud database. | docman | False | service-account-ifs_docman_esign | False |
IFS_maintenix_appserver | Primary service user account for the Maintenix application server | mxcore | False | service-account-ifs_maintenix_appserver | True |
IFS_maintenix_ppc | The Client used by the Product Planning & Control thick client for authentication | mxcore | True | True | |
IFS_maintenix_pv | The Client used by the Planning Viewer thick client for authentication | mxcore | True | True | |
IFS_maintenix_reportserver | Primary service user account for the Maintenix report server | mxcore | False | service-account-ifs_maintenix_reportserver | True |
IFS_maintenix_odata | The Client used by the OData Provider for interactions with Maintenix | mxcore | false | service-account-ifs_maintenix_odata | True |
IFS_msp_integration | This Client facilitates project data transfer between Microsoft Project and IFS Cloud using MS Project Integration. | prjmsp | True | False | |
IFS_remote_assistance | The Client to handle Remote Assistant authorized connection between Containers. | fndrem | False | ifsrem | True |
IFS_scim | This Client is used for User Provisioning using SCIM. This is an offline access enabled client, restricted only for SCIM. | False | ifsscim | True | |
- Based On Component - The IAM Client will be created only if this component installed.
- Public Client - When enabled, this designates the client as a Public Client. If not enabled, it is classified as a Confidential Client. For further details, refer to the section on how to authenticate External Integration.
- Service Account - Enabling this option will create a service user in IAM along with the IAM client. This is required for utilizing the Client Credential flow.
- Direct Access - This enables support for Direct Access Grants, allowing the client to use the user's username and password to directly obtain an access token from the IAM server. In OAuth2 specification, it enables support for the 'Resource Owner Password Credentials Grant' for this client.
Read more on;