Step 3: Configure Federated Identity Provider

To configure the Federated Identity Provider

1. Prepare the Federated Identity Provider prerequisites.

   1. For a federated identity connection, you need a valid CONNECT account, and you must be an administrator on that account.

   2. This step only applies to the node where this machine is the configured System Management Server or Redundant SSO. If a node is connecting to an existing System Management Server and is not a Redundant SSO, configuring the Federated Identity Provider is not required.

2. Select Federated Identity Provider in the left pane, under Common Platform.

   The Identity Manager component in the Platform Common Services (PCS) Framework available on the System Management Server (SMS) and Redundant SSO (RSSO) machines can be configured for federated login with CONNECT. This means that a user can enter their email address as registered with a CONNECT account into the Identity Manager login form, at which point they are redirected to CONNECT so they can log in. At present, for Operations Control connected experience, only federation to CONNECT is supported and Microsoft Entra ID is not supported.

   If you set the Federated Identity Provider to None you can use AVEVA Identity Manager or local identity providers such as Windows authentication, but you will no longer have a connected experience configuration.

   

3. Select the appropriate CONNECT account.

   If you have multiple CONNECT accounts, then after the authentication, an account selection dialog listing multiple CONNECT accounts will be displayed. Select the account with which you want to be federated.

   If you are part of only one CONNECT account, then the account selection dialog will not be displayed.

4. Provide your CONNECT credentials when requested.

   Note: If you are configuring a Redundant SSO Server, it is important to select the same CONNECT account that was configured on the System Management Server.