Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Identity Manager

TABLE OF CONTENTS

Troubleshooting connection problems

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedApr 15, 2026
  • 4 minute read

The Federated Identity Provider plugin supports registering up to 100 System Management Servers (SMS) or Redundant SSO Servers (RSSO) with an CONNECT account. If you exceed this limit, the Configurator displays the following error message:

Warning message if the number of federated identity provider limits are exceeded

To continue with the registration process, complete the following steps. Detailed instructions are provided in the sections that follow.

  1. Delete stale or unused application URLs from your CONNECT account.

    This step alone might resolve the limitation issue. If the issue persists, continue with the remaining steps.

  2. Acquire an access token

  3. Configure an application

  4. Add URLs to an existing application

  5. Add a new application

  6. Register the System Management Server or Redundant SSO Server with CONNECT using Powershell

Delete stale or unused application URLs from CONNECT

  1. Sign in to your CONNECT account.

    Note: You must be an administrator for the CONNECT account to perform this operation.

  2. Select an application. The Edit Application slide-in pane opens.

  3. Scroll to the listed Redirect URLs and Log out URLs.

  4. Select the delete (trash can) icon next to the URL you want to remove and repeat this step for all stale or unused URLs in each application.

    Seeing linked applications in AVEVA CONNECT

    Acquire an access token

    1. Open the browser and go to CONNECT.

    2. Sign in with your user credentials, and if prompted, select the appropriate account.

    3. From the left navigation pane, select Integrations.

      AVEVA CONNECT menus

    4. Select Access tokens, and then select Create access token to create a new access token.

      Access Tokens listed in AVEVA CONNECT

    5. In Access Token Configuration, select Advanced.

    6. Select Account access token option.

      Ensure that Roles includes On-Premise Identity Integration (AIM), and record the access token for use later in the registration process.

      Configure an application

      Link the redirect URLs and logout URLs with an application. Each application supports up to 100 redirect URLs and 100 logout URLs.

      1. From the left navigation pane, select Integrations.

      2. Select Applications.

        By default, the screen displays "FID_PCSSystemManagementServer" application. This application is automatically created by the Federated Identity Provider configurator plugin.

        Add URLs to an existing application

        1. If applications other than the default application are listed, select the appropriate application.

        2. Verify the application Type is set to PCS On-Premises Identity Integration. If the application Type is not set to PCS On-Premises Identity Integration, ignore the application.

        3. Scroll to the redirect URLs section and select Add redirect URL.

        4. Add a Redirect URL in the following format: "https://{fqdn}/identitymanager/signin-avevaconnect" (where {fqdn} is your fully qualified domain name. i.e. mycomputer.mydomain.com)

        5. Scroll to the Logout URLs section and select Add logout URL.

        6. Add a Logout URL in the following format: "https://{fqdn}/identitymanager/signedout-callback-avevaconnect" (where {fqdn} is your fully qualified domain name. i.e. mycomputer.mydomain.com)

        7. Record the Client ID for the application.

          Add a new application

          If the application "FID_PCSSystemManagementServer" is the only application, or if any other application has reached the limit of 100 redirect URLs and 100 logout URLs, then create a new application before adding in your redirect URLs and logout URLs.

          1. Select Create application to create a new application for AIM integration.

          2. Select the Type as PCS On-Premises Identity Integration.

          3. Record the Client ID field. This is required later during the registration process.

          4. Scroll to the redirect URLs section and select Add redirect URL.

          5. Add a redirect URL in the following format: "https://{fqdn}/identitymanager/signin-avevaconnect" (where {fqdn} is your fully qualified domain name. i.e. mycomputer.mydomain.com)

          6. Scroll through the logout URLs section and select Add logout URL.

          7. Add a logout URL in the following format: "https://{fqdn}/identitymanager/signedout-callback-avevaconnect" (where {fqdn} is your fully qualified domain name. i.e. mycomputer.mydomain.com)

            Register the System Management Server or Redundant SSO Server with CONNECT using Powershell

            On the computer configured as the System Management Server (or RSSO), open Powershell as an administrator and run the following commands:

            $AccessToken = ConvertTo-SecureString -String "********" -AsPlainText -Force Add-PcsAuthenticationProvider -name AvevaConnect -ClientID ******** -Endpoint https://signin.connect.aveva.com -ServicesEndpoint https://services..aveva.com/ -AccessToken $AccessToken

            TitleResults for “How to create a CRG?”Also Available in