Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Asset Framework and PI System Explorer (PI Server 2024 R2)

TABLE OF CONTENTS

Map a role to a PI AF identity

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJul 09, 2023
  • 2 minute read

You can create a mapping from a PI AF identity to an Identity provider (IdP) role. A role represents a group of users with similar job functions and access permissions. Roles are stored and managed by the Identity provider service. The AVEVA Identity Manager is the provided identity service for PI Server 2023.

A PI AF identity represents a set of access permissions on the AF server for a Windows user or group. Role members that are mapped to a PI AF identity inherit the same access permissions as the PI AF identity, such as access to an element collection or objects. See Learn about identities and mappings for more information.

Prerequisite

OIDC authentication must be enabled.

  1. Open PI System Explorer.

  2. If this is the first time you are opening PI System Explorer, select the OIDC authentication option and sign in with your OIDC credentials.

  3. Select File, then select Connections.

    The Servers dialog opens.

  4. Select the Properties button.

    The PI AF Server Properties dialog opens.

  5. Select the Mappings tab.

  6. Right-click in the dialog and select New Mapping.

    The Security Mapping Properties dialog opens.

  7. Select the OpenID Connect option.

    Note: If the user has signed on with OIDC, the OpenID Connect option is selected by default.

  8. Select the Role magnifying button.

    The Select an OIDC Mapping dialog opens.

    The Select an OIDC Mapping dialog with the list of available identity server roles shown.

  9. Select the Roles or Client ID option to filter the list box by Identity provider roles or client ID names.

  10. In the list box, select the role or client ID you want to map to the PI AF identity, then select OK.

    Note: The roles listed in the Select a Role dialog depends on the identity provider. Roles are created and configured on the identity server.

  11. The role, role ID, and name are added to the Security Mapping Properties dialog.

  12. In the Security Mapping Properties dialog, select the Identity down arrow, then select the PI AF identity you want to map to the role.

  13. Select OK.

    The role is now mapped to the PI AF identity in PI System Explorer. Users assigned to the role inherit the same access permissions to AF resources as the PI AF identity.

TitleResults for “How to create a CRG?”Also Available in