Federated Identity Provider
- Last Updated: Jan 10, 2025
Federated identity is a method of connecting a user’s identity across multiple separate identity management systems. Users can move between systems while maintaining security. It allows authorized users to access multiple applications and domains using a single set of credentials.
Note: An internet connection must be available on all nodes in your system while operating under the connected experience, including during authentication. If your system is offline or you have otherwise lost connection with CONNECT, see Offline connected experience for information about offline options.
The Federated Identity Provider plugin registers the on-premises AVEVA Identity Manager (AIM) server with the external identity provider (Microsoft Entra ID or CONNECT), establishing a trust-based relationship between them. User authentication is delegated to the external identity provider.
When you launch an AVEVA product on a node that’s configured to be a connected experience node, you are prompted to authenticate via one of the two authentication user experiences (as configured) using your federated ID with CONNECT. This requires your Active Directory to be federated or synced with your CONNECT account. AIM acts as a middle layer for all the session and authentication redirects and capabilities.
All on-premises Operations Control products are required to use AIM as a local identity provider to run in Operations Control mode. AIM is configured to federate with CONNECT and CONNECT is federated with your identity provider. All cloud services use CONNECT as an identity provider, and it can be configured to federate to your Microsoft Entra ID or other identity provider. This is required only for connected experience. For non-connected experience, it is optional.

Before you register your product with the federated identity provider, ensure the following:
- Enable AVEVA Operations Control connected experience as your license mode
- Configure System Management Server (SMS)
For more information about AVEVA Identity Manager, refer to the following separate documents: