PI Vision AD User Authentication

Hi,

We have been using local users configured in the PI User Group to allow access to PI Vision. We are now moving to AD Authentication. Is the process as simple as adding domain users on the AD to the Local User folder? The only other documentation I saw was in Live Library regarding the ADMIN group: PI Vision

Thoughts?

Thanks,

Jared

  • Hi Jared,

    You are correct that the local PI Vision Users group is used to authorize clients in IIS. So if the client is authenticating with an AD user who is in that local group it should be that simple! For PI security, you need to make sure the users have a valid mapping so they can search for and access tags and attributes. You also need to configure delegation if using WIS from the web server to the Data Archive and AF Server to maintain point level security (assuming the webserver and DA/AF are on separate nodes).

    KB01223 has more information on configuring browser security

    This Live Library article has more information on enabling Kerberos delegation
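
An added example, not part of the original reply: a PowerShell check to run on the PI Vision web server after the move to AD, listing who the local groups authorize in IIS and what delegation the web server identity holds. The group name `PI Vision Admins` and the account in `$WebIdentity` are assumptions (placeholders to replace with your own); the second function needs the RSAT ActiveDirectory module.

```powershell
# Added example (not from the thread). Run on the PI Vision web server.
# Assumptions: the local group names below; $WebIdentity is a placeholder.
$PIVisionGroups = 'PI Vision Users', 'PI Vision Admins'
$WebIdentity    = 'PIVISION01$'   # placeholder: sAMAccountName the PI Vision app pools run as

function Get-PIVisionGroupAudit {
    param([string[]]$GroupName)
    foreach ($group in $GroupName) {
        foreach ($m in Get-LocalGroupMember -Group $group) {
            $sid  = $m.SID.Value
            $note = if ($m.PrincipalSource -eq 'Local') {
                # Leftover from the local-user setup described in the question
                'local principal: review now that AD authentication is used'
            } elseif (($sid -in 'S-1-1-0', 'S-1-5-11') -or ($sid -like 'S-1-5-21-*-513')) {
                # Everyone, Authenticated Users, or Domain Users
                'broad principal: authorizes far more than named PI Vision users'
            } else {
                'AD principal'
            }
            [pscustomobject]@{
                Group  = $group
                Member = $m.Name
                Class  = $m.ObjectClass
                Source = $m.PrincipalSource
                Note   = $note
            }
        }
    }
}

function Get-DelegationSetting {
    param([string]$SamAccountName)
    # Reads the delegation flags and the constrained-delegation SPN list from AD.
    $o = Get-ADObject -Filter "sAMAccountName -eq '$SamAccountName'" `
            -Properties userAccountControl, 'msDS-AllowedToDelegateTo'
    if (-not $o) { throw "Account '$SamAccountName' not found in AD" }
    $uac = [int]$o.userAccountControl
    [pscustomobject]@{
        Account            = $SamAccountName
        Unconstrained      = [bool]($uac -band 0x80000)     # TRUSTED_FOR_DELEGATION
        ProtocolTransition = [bool]($uac -band 0x1000000)   # TRUSTED_TO_AUTH_FOR_DELEGATION
        AllowedTargets     = @($o.'msDS-AllowedToDelegateTo')  # SPNs, e.g. Data Archive / AF Server
    }
}

Get-PIVisionGroupAudit -GroupName $PIVisionGroups | Format-Table -AutoSize
Get-DelegationSetting -SamAccountName $WebIdentity | Format-List
```

If `Unconstrained` is true, the web server can delegate to any service; `AllowedTargets` should list only the Data Archive and AF Server service principal names.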
