LESSON

Active Directory Authentication

Description

Let's add an additional authentication profile to fetch user information from Active Directory (AD). This video explains the Domain and LDAP settings, how to use SSO (Single Sign-On), and how to enable it in each project. Active Directory Groups are used as Ignition's roles and user-role mappings.

Video recorded using: Ignition 7.9

Transcript

[00:00] An Active Directory user source allows you to connect Ignition to a current Active Directory system. This allows you to authenticate users in Ignition against an Active Directory system that you may already be using within your company. Let's take a look at how we might set up one of these Active Directory user sources. We start out in the configure section of the gateway webpage, and we need to go to the users and roles page under security. Here we see a list of all of our current user sources and we want to click the create new user source link down at the bottom of the page. Here we can ensure that we have the Active Directory type selected and then scroll down and hit the next button. Here we have a list of properties that we can use to configure our user source. We can give our new user source a name, and we can also configure certain things like a failover source or setting whether we want it to restrict users based on their schedule. These properties work in much the same way that they do with other user sources. If we scroll down a little further, we get to that Active Directory properties section, where we can configure the majority of our user source. We can set things like the domain for our Active Directory server, as well as a username and password. Note that this username and password is not the same credentials that you use to log in to the Ignition Gateway, but it is instead the credentials that you use to log in to your Active Directory system. If we scroll down a little further, we can then set a host name for primary and secondary domain controller. We can also choose to enable single sign-on, or SSO, and specify an SSO domain. For SSO to work properly, you do have to enable it on a project-by-project basis, but we'll go over that in a minute. Now if we click the check box to show advanced properties, we get a large list of new properties, which allow us to customize how our Active Directory user source works.
These allow you to restrict who in your Active Directory system has access to Ignition. Now, it's important to note that all of these settings, including the ones we discussed before, are going to be unique to your Active Directory system. Because of this, we recommend talking to either your IT Department, or whoever set up and managed your Active Directory system, and working with them to ensure that you get all the right settings into your Active Directory user source. Once everything is set up properly, we can then scroll all the way down to the bottom of the page, and click on the create new user source button. Now the last thing I want to talk about is using SSO within your projects. We first have to enable SSO here within our user source, but we also have to make a change to each individual project. So let's take a look at a designer to see how that works. Here in my project, I need to go up to the project properties and then locate the login section under client. At the bottom of this section, I can choose to enable SSO login for this project. I would need to make sure I enable this setting for every project that I want to use SSO with.
