Skip to content

IAM Clients

IAM Clients are entities that can request authentication. They request an access token so they can invoke other services on behalf of the authenticated user. IFS supports only OpenID Connect clients.

There are two types of IAM Clients:

IFS Client - Delivered by IFS to perform a specific authentication need. We recommend not to change these clients as these can be changed along with IFS Release updates.

Custom Clients - Clients created by customers will be set as Custom Clients.

IFS Clients

Client NameDescriptionBased On ComponentPublic ClientService AccountDirect Access Grants
IFS_aurenaThe main IFS Cloud Web Client*NoYes
IFS_aurena_nativeThe Client to handle IFS Mobile Application Authentication.fndmobYesTrue
IFS_aurena_native_servicesThe Client to handle authorized connection between mobile IFS Mobile Containers.fndmobFalseservice-account-ifs_aurena_native_servicesFalse
IFS_boomiClient which customers can use to connect to IFS Cloud from Boomi Platform. This has offline access enabled to have a very large token expiry.*FalseifsboomiTrue
IFS_cbs_nativeThis client used to authenticate Advanced Planning Board (APB)cbsTrueFalse
IFS_ceClient which can be used to allow IFS CE to call IFS Cloud projections using an integration account. Using this approach means that all IFS CE interactions will be recorded against the integration account.*TrueTrue
IFS_ce_ssoClient which can be used to allow IFS CE to call IFS Cloud projections as the logged in user. This allows full user ownership of all records.*FalseFalse
IFS_connectClient which can be used to call IFS Connect HTTP/S gateway. Also this is the client used by ifsapp-connect to call ifsapp-odata projections internally.FalseifsconnectTrue
IFS_reportingThis is the client used by ifsapp-reporting-web-designer-ren, ifsapp-reporting-web-transformer and ifsapp-reporting-web-runtime-ren to call ifsapp-odata projections internally.FalseifswebreportTrue
IFS_criterionThe Client to handle payroll integration services between IFS Cloud and Criterion Payroll Provider.payintFalseifs_criterionTrue
IFS_dssThe Client to handle IFS Signing Service Authentication.fnddssFalseTrue
IFS_dss_nativeThe Client to handle IFS Signing Service Authentication in the native application.fnddssFalseTrue
IFS_syncThe Client which used to send Datasync HTTP requests between two IFS instances.FalseifssyncTrue
IFS_filestorageThe Client that is used to communicate with the Virus Scanner container.FalseFalse
IFS_docman_esignUsed from the ifsapp-docman-esign container when it needs to access the IFS Cloud database.docmanFalseservice-account-ifs_docman_esignFalse
IFS_maintenix_appserverPrimary service user account for the Maintenix application servermxcoreFalseservice-account-ifs_maintenix_appserverTrue
IFS_maintenix_ppcThe Client used by the Product Planning & Control thick client for authenticationmxcoreTrueTrue
IFS_maintenix_pvThe Client used by the Planning Viewer thick client for authenticationmxcoreTrueTrue
IFS_maintenix_reportserverPrimary service user account for the Maintenix report servermxcoreFalseservice-account-ifs_maintenix_reportserverTrue
IFS_maintenix_odataThe Client used by the OData Provider for interactions with Maintenixmxcorefalseservice-account-ifs_maintenix_odataTrue
IFS_msp_integrationThis Client facilitates project data transfer between Microsoft Project and IFS Cloud using MS Project Integration.prjmspTrueFalse
IFS_remote_assistanceThe Client to handle Remote Assistant authorized connection between Containers.fndremFalseifsremTrue
IFS_scimThis Client is used for User Provisioning using SCIM. This is an offline access enabled client, restricted only for SCIM.FalseifsscimTrue
  • Based On Component - The IAM Client will be created only if this component installed.
  • Public Client - When enabled, this designates the client as a Public Client. If not enabled, it is classified as a Confidential Client. For further details, refer to the section on how to authenticate External Integration.
  • Service Account - Enabling this option will create a service user in IAM along with the IAM client. This is required for utilizing the Client Credential flow.
  • Direct Access - This enables support for Direct Access Grants, allowing the client to use the user's username and password to directly obtain an access token from the IAM server. In OAuth2 specification, it enables support for the 'Resource Owner Password Credentials Grant' for this client.

Read more on;