User Accounts managed by IT Department

We recently installed Ignition and are currently trying to figure out how to lockdown permissions. We in IT are responsible for creation/deactivation of all user accounts. Everything else in Ignition is handled by our Engineers creating the connections, doing the designs, etc. How do we limit the account management to just IT? I see how we can create Roles but no idea where to manage the detailed permissions of a given role.

not for sure if you can just lock it down where only IT can control it the way I think you are talking about. Once your in the designer, each designer would have access. Our plant uses Active Directory that our IT Department setup, and I just use the groups each person is already assigned to or have IT create new groups for different screens, etc

1 Like

An alternative solution that we use is ...

  • Use AD Hybrid Authentication. This means that the AD login just verifies the user.
  • Add the user manually into Ignition and assign the appropriate roles.
  • Assign roles to the projects and views.

It's a bit of extra effort but the list of users in Ignition is relatively small and it means that Engineering can control it without IT involvement once they have set the users up.