
IAM Clients

IAM Clients are entities that can request authentication. They request an access token so they can invoke other services on behalf of the authenticated user. IFS supports only OpenID Connect clients.

There are two types of IAM Clients:

IFS Client - Delivered by IFS to perform a specific authentication need. We recommend not changing these clients, as they can be changed along with IFS Release updates.

Custom Clients - Clients created by customers will be set as Custom Clients.

IFS Clients

| Client Name | Description | Based On Component | Public Client | Service Account | Direct Access Grants |
|---|---|---|---|---|---|
| IFS_aurena | The main IFS Cloud Web Client | * | No | | Yes |
| IFS_aurena_native | The Client to handle IFS Mobile Application Authentication. | fndmob | Yes | | True |
| IFS_aurena_native_services | The Client to handle authorized connection between mobile IFS Mobile Containers. | fndmob | False | service-account-ifs_aurena_native_services | False |
| IFS_boomi | Client which customers can use to connect to IFS Cloud from Boomi Platform. This has offline access enabled to have a very large token expiry. | * | False | ifsboomi | True |
| IFS_cbs_native | This client is used to authenticate Advanced Planning Board (APB) | cbs | True | | False |
| IFS_ce | Client which can be used to allow IFS CE to call IFS Cloud projections using an integration account. Using this approach means that all IFS CE interactions will be recorded against the integration account. | * | True | | True |
| IFS_ce_sso | Client which can be used to allow IFS CE to call IFS Cloud projections as the logged in user. This allows full user ownership of all records. | * | False | | False |
| IFS_connect | Client which can be used to call IFS Connect HTTP/S gateway. Also this is the client used by ifsapp-connect to call ifsapp-odata projections internally. | | False | ifsconnect | True |
| IFS_reporting | This is the client used by ifsapp-reporting-web-designer-ren, ifsapp-reporting-web-transformer and ifsapp-reporting-web-runtime-ren to call ifsapp-odata projections internally. | | False | ifswebreport | True |
| IFS_criterion | The Client to handle payroll integration services between IFS Cloud and Criterion Payroll Provider. | payint | False | ifs_criterion | True |
| IFS_dss | The Client to handle IFS Signing Service Authentication. | fnddss | False | | True |
| IFS_dss_native | The Client to handle IFS Signing Service Authentication in the native application. | fnddss | False | | True |
| IFS_sync | The Client which is used to send Datasync HTTP requests between two IFS instances. | | False | ifssync | True |
| IFS_filestorage | The Client that is used to communicate with the Virus Scanner container. | | False | | False |
| IFS_docman_esign | Used from the ifsapp-docman-esign container when it needs to access the IFS Cloud database. | docman | False | service-account-ifs_docman_esign | False |
| IFS_maintenix_appserver | Primary service user account for the Maintenix application server | mxcore | False | service-account-ifs_maintenix_appserver | True |
| IFS_maintenix_ppc | The Client used by the Product Planning & Control thick client for authentication | mxcore | True | | True |
| IFS_maintenix_pv | The Client used by the Planning Viewer thick client for authentication | mxcore | True | | True |
| IFS_maintenix_reportserver | Primary service user account for the Maintenix report server | mxcore | False | service-account-ifs_maintenix_reportserver | True |
| IFS_maintenix_odata | The Client used by the OData Provider for interactions with Maintenix | mxcore | false | service-account-ifs_maintenix_odata | True |
| IFS_msp_integration | This Client facilitates project data transfer between Microsoft Project and IFS Cloud using MS Project Integration. | prjmsp | True | | False |
| IFS_remote_assistance | The Client to handle Remote Assistant authorized connection between Containers. | fndrem | False | ifsrem | True |
| IFS_scim | This Client is used for User Provisioning using SCIM. This is an offline access enabled client, restricted only for SCIM. | | False | ifsscim | True |

  • Based On Component - The IAM Client will be created only if this component is installed.
  • Public Client - When enabled, this designates the client as a Public Client. If not enabled, it is classified as a Confidential Client. For further details, refer to the section on how to authenticate External Integration.
  • Service Account - Enabling this option will create a service user in IAM along with the IAM client. This is required for utilizing the Client Credential flow.
  • Direct Access - This enables support for Direct Access Grants, allowing the client to use the user's username and password to directly obtain an access token from the IAM server. In OAuth2 specification, it enables support for the 'Resource Owner Password Credentials Grant' for this client.
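
As an added example (not IFS code), the script below applies the Public Client, Service Account and Direct Access options described above to a few rows copied from the IFS Clients table plus one constructed custom client. It lists the grants those options enable and flags combinations worth reviewing when creating Custom Clients. The review rules, the `CUSTOM_demo` row and all function names are assumptions of this example.

```python
from dataclasses import dataclass

# Rows copied from the IFS Clients table on this page:
# (client name, Public Client, Service Account, Direct Access Grants)
ROWS = [
    ("IFS_aurena_native", "Yes", "", "True"),
    ("IFS_boomi", "False", "ifsboomi", "True"),
    ("IFS_ce_sso", "False", "", "False"),
    ("IFS_maintenix_odata", "false", "service-account-ifs_maintenix_odata", "True"),
    # Constructed custom client (hypothetical, not from the page).
    ("CUSTOM_demo", "True", "custom_demo_svc", "True"),
]

@dataclass(frozen=True)
class IamClient:
    name: str
    public: bool
    service_account: str  # empty when no service user exists
    direct_access: bool

def parse_flag(text):
    """Normalise the table's mixed Yes/No/True/False/false spellings."""
    flags = {"yes": True, "true": True, "no": False, "false": False}
    return flags[text.strip().lower()]  # KeyError on any other spelling

def enabled_grants(client):
    """Grants switched on by the Service Account and Direct Access options."""
    grants = []
    if client.service_account:
        grants.append("client_credentials")
    if client.direct_access:
        grants.append("password")
    return grants

def review_notes(client):
    """Review heuristics of this example, not IFS guidance."""
    notes = []
    if client.public and client.direct_access:
        notes.append("password grant with no client secret")
    if client.public and client.service_account:
        notes.append("client credentials flow needs a confidential client")
    return notes

def audit(rows):
    clients = [IamClient(n, parse_flag(p), s.strip(), parse_flag(d)) for n, p, s, d in rows]
    return {c.name: (enabled_grants(c), review_notes(c)) for c in clients}

if __name__ == "__main__":
    for name, (grants, notes) in audit(ROWS).items():
        print(name, grants, notes)
```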

Read more on;