Skip to content

Connecting to AI Services

Integrating AI into IFS Cloud Remote or Remote-Hybrid deployment is essential to unlock the full suite of advanced capabilities embedded in the platform. Access to Copilot for contextual assistance within workflows, predictive analytics to support data-driven decision-making, and intelligent automation that streamlines complex operational processes.

This guide provides instructions for connecting an existing remotely deployed IFS Cloud environment to the AI platform as a tenant.

Overview

The integration between IFS Cloud and IFS AI platform enables secure communication via modern OAuth 2.0 authentication mechanisms between IFS Remote Tenants and IFA AI Services. Once configured, your deployment can take full advantage of AI-powered features that play a critical role in optimizing deployment efficiency, scalability, and long-term value.

Prerequisites

Ensure the following conditions are met before proceeding with the configuration:

  • IFS Cloud Version: The deployment must be on version 25.1.1 or later.
  • Network Access: The deployment must not be air-gapped; it must allow outbound communication to IFS AI URLs from the IFS Cloud application.
  • Entitlements: All necessary entitlements for AI capabilities must be purchased.
  • Access Studio Setup: Access Studio must be registered and configured.
  • Tenant Provisioning: A tenant must be successfully provisioned via Access Studio, and the following must be obtained:
    • Tenant URI
    • Nonce (single-use token)

For details on provisioning tenants and setting up Access Studio, please refer to the official ALE documentation.

Configuration Steps - Connecting to IFS AI

To integrate your remotely deployed IFS Cloud environment with the IFS AI platform, follow these steps:

1. Update Installer Configuration

In your installer configuration file (customvalues.yaml), add the following parameters:

accessStudioUrlTenant URL copied from Access Studio
accessStudioNonceKeyNonce received from Access Studio
deploymentModelSet to REMOTE
nxsUriNexus Service URI
mlServiceApiMachine Learning Service API URL
xdivServiceApiXDIV Service API URL

Ensure all values are accurate and securely stored.

2. Run Middle-Tier Installation

With the configuration in place, proceed with the middle-tier installation.

During this process:

  • The nonce (valid for 24 hours and unique to each tenant) is exchanged for a refresh token with a longer validity (typically 6 months).
  • The installer creates a Kubernetes secret named Nexus Access Studio, containing:
    • The refresh token
    • The updated tenant URI

This enables IFS Cloud services to securely authenticate and interact with the IFS AI platform via Curity.

Token Management

Validity & Rotation

  • Refresh Token Validity: 6 months
  • Automatic Rotation: Each new delivery or deployment automatically triggers a token rotation via the installer.

Secure Storage Requirements
The refresh token must be securely stored using one of the following:

  • Enterprise Vault (e.g., HashiCorp Vault)
  • Kubernetes Secret (ensure encryption at rest is enabled)

Post-Onboarding

Once onboarding is complete, the remote IFS Cloud environment is fully connected to the IFS AI platform. Users can now begin leveraging AI-enhanced services, driving smarter workflows, deeper insights, and operational efficiencies.