Sign on with OpenID Connect (OIDC)
- Last Updated: Jan 13, 2025
- PI System
- PI Server 2024 R2
- PI Server
You can use claims-based authentication via OpenID Connect (OIDC) to sign on to PI System Explorer (PSE). OIDC uses an identity service to verify a user's identity and then grant access to AF client and Data Archive resources via access tokens. The AVEVA Identity Manager is the provided identity service for PI Server 2023.
Once you have successfully signed on with OIDC, the same access token is used to authenticate and gain access to other PI Server resources. If a server does not use OIDC authentication, it defaults to Windows authentication.
When first opening PSE, the initially selected authentication mode is used for all default and implicit connections made during that session. To switch the authentication mode used to connect to a specific PI Server resource, you can use the Connect As command. See Connect to a PI AF server, Connect to Data Archive, and Connect to a database on a different PI AF server.
If OIDC is not enabled on a resource, Windows authentication is the default authentication mode.
Prerequisite
You must have created and assigned a user account to an Identity Server role, set permissions, and created a mapping.
- Open PI System Explorer.
  The Authentication Mode dialog opens.
- Select the Authentication down arrow, then select OpenID Connect Authentication.
  Note: If you selected Windows authentication to log on, PI System Explorer opens.
- Optional: Select Remember my Choice in the Authentication Mode dialog to preserve your preferred authentication method, and bypass the dialog for future server connections.
- Select OK.
  The AVEVA Identity Manager browser window opens and then a second browser window opens and prompts for your sign-on credentials.
- Enter your OIDC credentials (user name and password) in the browser window, then click OK.
- In the AVEVA Identity Manager browser window, select Yes/Allow to enable sharing your identity.
  The PI System Explorer window opens.
  Note: User permissions are set up via role assignments in AVEVA Identity Manager.
- Optional: To verify the authentication mode assigned to a user, select File, then select Connections.
  The Servers dialog opens and lists server connections by user and authentication method: AIM (claims-based) or Windows.