Configuring Authentication for the FME Flow Web Services
All workspaces that are run from FME Flow use at least one of the FME Flow Web Services, and these services must authenticate with the user account that requests them. The user account must have Run permission on the repository in which the workspace resides, and Access permission to the service.
Depending on your security requirements, you may want to configure authentication for the FME Flow Web Services using the following options.
Authenticating with Tokens
A token can provide the credentials required for authentication. We recommend using tokens in conjunction with user accounts that have only the required permissions for their service requests to succeed, and no additional permissions.
Removing the Authentication Requirement
In some cases, you may want to remove the authentication requirement for a given repository and service. You can use this approach with the data download, data streaming, job submitter, KML network link, and data upload services. You can provide unauthenticated access either through the guest user account, or Directory Server accounts.
Using the guest User Account
You can provide unauthenticated access to a web service simply by providing the guest user account with access to the repository of the workspace you want to run. This scenario is possible because the guest user account acts as a trusted account in FME Flow, and by default, already has full access to the web services. Whenever a user's account credentials fail to authenticate with a web service, FME Flow attempts to authenticate with the guest user. Therefore, if the guest user is given Run permission on the repository of the workspace being run, authentication succeeds. Configure guest user permissions on the Users page.
Using Directory Server Accounts
If you have imported Authentication Services accounts into FME Flow as users, you can provide those accounts with access to repositories and services. Configure directory server user permissions on the Users page. Alternatively, if your directory server accounts belong to roles, you can configure role access on the Roles page.
See Also