This lesson is part of the Security in Ignition course. You can browse the rest of the lessons below.

LESSON

Restricting Gateway Access

Description

You can determine which users are allowed access to the Designer and various Gateway sections based on assigned roles. Learn more in this lesson.

Video recorded using: Ignition 8.1

Transcript

[00:00] In this lesson, we'll discuss how we can secure our gateway webpage from unwanted access. Now, before we get started, it's worth noting that the strongest form of security we have is network security, so keeping unwanted users from accessing the gateway webpage at all might be a good start. But in terms of restricting access within your gateway's network, there are some simple steps we can take to control who can log in to different sections of the gateway webpage. To get started, I'm on my gateway webpage here and I just need to go into the config section of the webpage, then find the security section, and select general. The first thing to know about securing the gateway webpage is that logging into the gateway webpage is done against an identity provider, so the most important property in here will be the system identity provider setting. The identity provider we choose will be used for the gateway webpage, as well as the designer, if our designer authentication strategy is set to identity provider. So, with an identity provider specified, the only other piece here is setting required security levels for accessing the gateway config section, the status page, and potentially the homepage, too. Entering security levels here will restrict those areas of the gateway or designer to users that have been granted these specified levels. When we specify these levels, it's important that we use the full security level path and we can use commas to specify multiple security levels. If we do, we have the ability to choose between requiring all of them or just one of them. Here we're seeing effectively the default values for everything, but breaking out different features into different levels could be a good idea. For example, allowing managers to access the status page, where they can see details about the running gateway, but not the config page, where they can potentially break something important, might be a good idea.
It's also worth keeping in mind that someone with access to the config page could come in and change all these settings, so generally speaking, the config page should be the most locked down part of your gateway. In any case, however you'd like to organize or restrict access to your gateway, this security page is here to help.