User Source vs Identity Provider with Active Directory

Hello,

I'm new to Ignition and trying to understand the difference between a User Source and Identity Provider. Has anyone used either option with MS Active Directory and what kind of issues did you run into? In this case the Ignition gateway will be at a remote site but the AD server is at the corporate office. I'm thinking the best option might be to use the default User Source and be done with it. Thoughts?

Thanks,
JB

For what it's worth, our Ignition install is cloud hosted and our MS AD is a corporate located server. We experience no issues at all.

1 Like

Good to know. Is your AD connection set up as a User Source or an Identity Provider?

We have it set as an AD/Internal Hybrid user source.

It pulls in all users (filtered) from the AD, then in the Ignition gateway user roles are manually added or removed. This way is preferred for us as users are not automatically granted access.

2 Likes

As long as the corporate AD server is reachable from the remote site, this shouldn't be a problem. We have multiple locations with AD/Internal Hybrid user source like @craigb mentioned using a central AD server.

1 Like

I recommend soft failover mode to the default database and leave the Administrator account in there. That way you have a way in if the AD setup fails or you lock yourself out somehow (especially during configuration). You can also use the default user source to create and manage accounts for non-AD members such as contractors.

3 Likes

Thanks for all the responses. Are any of the AD Internal/Hybrid systems being used with Azure Active Directory?

Yes, the Internal/Hybrid AD accounts I mentioned are through MS365.

1 Like