Locked out - urgent

Ignition
1

So I was messing around with Identity Providers…
And somehow, I’m now locked out of the gateway.

Is there a way to set the IDP back to default, through CLI or some xml config file on the gateway itself ?

Please help… this is urgent

2

https://docs.inductiveautomation.com/display/DOC80/Gateway+Command-line+Utility#GatewayCommand-lineUtility-ResetthePassword

5

that did however solve the problem… I was under the impression that it only reset the password… but appearently it made a temp IDP also… thanks for the help

1 Like
6

I’m in the same boat, they say temp but I cant remove them. what did you end up doing?

7

After you reset the credentials, and re-commission, your gateway web interface’s security is set to the temporary identity provider & user source. You have to fix your original user source to allow you to log in, and change the gateway to use it again. When the temporary source isn’t used anywhere, then you should be able to remove it. (Including logging back into the gateway with the corrected original user source.)

1 Like
8

We decided a good strategy was to have the IdP do a soft failover to Ignition’s default provider and have the Administrator in there so that if anything happens the IdP we can still get in to fix it. It works.

6 Likes
9

My clients all do this too, so they can put contractors in the default provider instead of giving them domain accounts.

6 Likes
10

Thanks, I missed changing it in the general section of identity providers. I’m good now!

11

Is there a tutorial on how to set the failover for IdP?

12

The Failover User Source is a setting on the User Source that the IdP is using, so it can be a little confusing to find.

First navigate to your IdP settings (Config > Security > Identity Providers) and note the User Source it is using. Then navigate to the User Source (Config > Security > User Sources) and edit it. Here you will find the two settings needed for failover: “Failover Source” and “Failover Mode”.

As others have noted it is common practice to set the Failover Source to the default Internal User Source with a soft Failover Mode.

1 Like
13

Try this:

Ignition IdP config
Ignition IdP config761×669 48.9 KB

Then create a user source:

Ignition user source
Ignition user source1170×616 56.8 KB

and further down the page …
Ignition user source 2
Ignition user source 2837×784 66.8 KB

  1. Your company’s domain name.
  2. Get this from your IT department.
  3. Same.
  4. You’ll need a service account set up so that Ignition can log in to Active Directory to check credentials.
  5. Set the password.
  8. SSO option.
  9. In my case it was essential that this was in capital letters.
3 Likes