How to map Active Directory users to Ignition roles and permissions (Ignition 8.1)

Hello everyone,

I am using Ignition 8.1 and need some guidance regarding Active Directory based security in Perspective.

So far, I have completed the following:

  • Created an Active Directory User Source in the Gateway

  • Created an Identity Provider linked to the AD User Source

My question is related to authorization / permissions in Perspective views.

When I configure Security settings on a Perspective component (for example, Required Roles), I only see Ignition default roles, and I am not sure how to:

  • Use Active Directory users or AD groups for authorization

  • Assign permissions so that specific AD users (or groups) can perform actions such as button clicks, tag writes, or view access

  • Understand where AD roles/groups should appear and how they map to Ignition roles

  • How are AD groups mapped to Ignition roles?

  • How can I log in to the Perspective session?

Any guidance or examples would be greatly appreciated.

Thank you.

Go through the Inductive University courses here:

Pay particular attention to the AD sections and the Identity Provider section (especially Security Level Rules) and that should get you going in the right direction to map the AD roles to a standard role name.

4 Likes

Thank you, Michael!

I have completed almost all of the configuration and I am now able to successfully log in using Active Directory user credentials after configuring the project security in the Designer to use the AD User Source and AD Identity Provider.

However, I noticed that I can no longer log in using my default Ignition user (admin).

I would like to confirm the following:

  • When a project is configured to use an Active Directory Identity Provider, is it expected that users from the Ignition internal user source can no longer log in?

  • Is there a supported way to allow login from both the Active Directory user source and the default Ignition user source at the same time?

Your clarification on this would be greatly appreciated.

You need to set up your Active Directory user source to do a soft failover to your internal/default user source.

2 Likes