Workflow

Different scenarios are explained below when you try to configure a federated identity provider on a machine. Below is a detailed explanation of the Federated Identity Provider plugin workflow:

• If the earlier version of System Platform is already installed on the machine. Then the plugin cannot be configured, and an error message is displayed.

  "Use the Authentication Plugin provided by System Platform instead to configure Federated Identity provider".

• If there is no System Platform installed or the installed version is different from 2023; and the System Management Server (SMS) or Redundant SSO (RSSO) node has not been configured, then a notification message is displayed.

  "The Machine is not configured as System Management Server (SMS) or RSSO Node".

• If a System Management Server (SMS) or Redundant SSO (RSSO) node has been configured and there is no System Platform installed or the installed version is lower than 2023. You are provided with three options to configure the plugin.

  • None: This option allows you to configure and deletes all other providers.

  • Microsoft Entra ID: You are required to enter all required fields and then will be able to click on the configure option; the action saves the Microsoft Entra ID provider and deletes any other provider configured.

  • CONNECT: When you configure, the CONNECT login page is displayed to fill in the credentials on the AVEVA domain. Once you enter the correct credentials and accept the multi-factor authentication challenge, the login page will be closed.

    To perform this operation, your user credentials requires the "Application Manager" permissions in CONNECT.

• If the process is executed correctly, then endpoint, client id, and service endpoint is displayed inside the Configuration Messages section; the last step of the action deletes any other provider configured.

  Note: This workflow is applicable only for configuring Microsoft Entra ID as a Federated Identity Provider.