Common User Source for Edge Gateways

Hi,

I have an architecture with 18 panel PCs running Ignition Edge, all of them connected to a central Ignition Gateway on AWS. Is it possible to configure the Edge Gateways so that they make use of the same, common and centralized User Source configured in the main Ignition Gateway? Otherwise, managing 19 different user sources, for the time being, will be a headache.


I have also been looking into a way to do this, as it seems the database user source option is not available in Edge and I do not know how else to do this. Does anyone think this is an issue with using Edge instead of a standard remote gateway?

Another 2 years later, and I'm pondering this as well... I don't know if it's possible to do this via scripting either to sync the user sources up between central and Edges, as you don't have access to raw passwords...

I'm thinking, if you use an internal db user source, you could grab the row in the config.db from Central and copy that to the Edge gateways' config.db... maybe. Unless the decryption key is different between gateways.

I would think that having many users logging into Edge is not really an Edge use-case. If there are many Edge installs and many admin/designer users, EAM is the answer (to push from dev to prod).

The solution I have put together is using AD authentication (roles and such stored in a central DB) along with an RFID badge reader so operators don't need to remember/continually type in their passwords.
To synchronize users on Edge devices, I set up a script that executes a system.util.sendRequest to my central server with the Edge node identifier as a param. The return is a list of users allowed on that device (with role, badge#, language, etc...). Then I iterate over this returned list and add/update users on the Edge device.
For my use case, executing this logic (on the Edge device) when a user logs out, as well as providing a button to manually update the users, was good enough.

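The sync step described in the post above, sketched as an added example (not the poster's script and not Inductive Automation code): it turns the list returned by the central gateway into an add/update/remove plan for one Edge node, refuses to act on an empty or malformed reply, and never touches a local break-glass account. The function name, the field names (`username`, `roles`, `badge`, `language`) and the protected `admin` account are assumptions; fetching the list with `system.util.sendRequest` and applying the plan with the gateway's user-management scripting functions are left to the calling script.

```python
# Added example: plan the user changes for one Edge node from the central reply.
# Field names and the PROTECTED set are assumptions, not taken from the thread.

PROTECTED = frozenset(["admin"])  # assumed local break-glass account, never changed


def _norm(attrs):
    """Reduce a user record to the attributes that are compared and synced."""
    return {"roles": sorted(set(attrs.get("roles") or [])),
            "badge": attrs.get("badge"),
            "language": attrs.get("language")}


def plan_sync(central_users, local_users, protected=PROTECTED):
    """Return (to_add, to_update, to_remove, wanted) for one Edge node.

    central_users: list of dicts returned by the central message handler.
    local_users:   dict of username -> attribute dict currently on the Edge.
    Raises ValueError on an empty or malformed reply, so a failed or
    tampered response never wipes the local user source.
    """
    if not isinstance(central_users, list) or not central_users:
        raise ValueError("empty or non-list reply; keeping local users")

    wanted = {}
    for row in central_users:
        if (not isinstance(row, dict) or not row.get("username")
                or not isinstance(row.get("roles"), (list, tuple))
                or not row["roles"]):
            raise ValueError("malformed user row: %r" % (row,))
        name = row["username"].strip()
        if name in protected:
            continue  # central must not overwrite the break-glass account
        if name in wanted:
            raise ValueError("duplicate username in reply: %s" % name)
        wanted[name] = _norm(row)

    to_add = sorted(n for n in wanted if n not in local_users)
    to_update = sorted(n for n in wanted
                       if n in local_users and _norm(local_users[n]) != wanted[n])
    # Users no longer allowed on this node are removed, not left behind.
    to_remove = sorted(n for n in local_users
                       if n not in wanted and n not in protected)
    return to_add, to_update, to_remove, wanted
```

The removal list is the part the add/update loop in the post does not cover: without it, a user who has been dropped from the central list keeps a working login on the Edge device.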

Can EAM sync up users though?

I don't think so. But the point was that you don't need developer access to production Edge.

You can perhaps use an Identity Provider for the "common user source".
Edge can connect to IdP.

Keycloak can be used for the IdP.

Not tested yet...

Following because I also have multiple Ignition gateways deployed (1 full, 5 edge) that should share the same user pool.

If there's a way to do this IA should really have a standard approach with examples in the manual.