This lesson is part of the Security in Ignition course.

Restricting Gateway Access

Description

You can determine which users are allowed access to the Designer and various Gateway sections based on assigned roles. Learn more in this lesson.

Video recorded using: Ignition 8.3

Transcript

[00:00] In this lesson, we'll take a look at how to restrict gateway access. We'll be specifically looking at the settings within our Ignition gateway, but it's worth noting that your network security is an extremely important aspect of preventing unwanted users from accessing your gateway webpage, so that might be a good place to start. We can control Ignition gateway and designer permissions by navigating to platform > security > general settings. The first setting here is the system identity provider. This is the IdP that controls access to the gateway webpages and can control access to the designer. The designer authentication strategy allows us to decide whether designer users will be authenticated with the classic strategy or with the identity provider strategy. When this is set to "classic", authentication will be performed against the system user source, which is specified here. When it's set to "identity provider", you'll authenticate against the system identity provider that we just looked at. I'll scroll down to the roles and permission settings, and this is where we could specify the roles or security levels needed to perform different system functions.

[01:05] Starting with the designer roles, this will control which users can log into the designer. Right now, I'm using the classic authentication strategy for the designer, so it expects a user source role or a comma-separated list of roles. If I were to switch to "identity provider", I would instead specify designer permissions, and I would select security levels to provide that access. When selecting security levels for any of the following permissions, we can specify whether the user must belong to all the selected levels or just one to be given permission. Also, setting any of these to "public" means that everyone is granted these permissions. The next permission is the create project permission. Users given this permission will be allowed to create projects from the designer. After that, we have the gateway write permissions. This will give users the ability to interact with gateway webpages and gateway settings. Next is the gateway read permissions. This controls who's able to view the gateway pages and settings. It's important to note that any users who receive the gateway write permissions will receive the read permissions regardless of what we apply here.

[02:06] Finally, we have the gateway access permissions. Being given this permission means that you'll be able to view all of the pages within the home section except for Perspective Sessions and Brand Settings. By configuring the settings found on this page, you'll be able to provide more granularity for which users have access to the different functions of the gateway webpage and the designer. I'll provide a link to our user manual page for these settings under the video so that you can read more or reference them later.
