Understand security and mapping types
- Last UpdatedApr 08, 2026
- 1 minute read
- PI System
- PI Server 2024 R2
- PI Server
You can use PI Builder to retrieve, edit, and delete PI identities and mappings, as well as PI AF identities and mappings.
Mapping types
The MappingType column header indicates the authentication method used to verify a user's identity and permission in PI Data Archive or PI AF. The mapping type name is only required for new mappings and can only be set when a new mapping is created. There are four security mapping types:
-
Windows: Uses Windows authentication to grant user access to the PI System.
-
OIDC: Uses OpenID Connect (OIDC) or claims-based authentication to grant user access to the PI System. This mapping type is used to create a mapping for a specific claim that exists on an access token.
-
Role: Uses OIDC authentication to grant access to the PI System. This mapping type is used to map to CONNECT roles, which have their own sets of permissions, and Windows groups that exist on the same machine that the AVEVA Identity Manager server is installed.
-
ClientCredential: Uses OIDC authentication to enable explicit sign on to the PI System using a client Id that was created on the AIM server.
Related Links
- Retrieve all PI identities
- Create an OIDC role mapping
- Create a subject mapping
- Retrieve selected PI identities
- Retrieve all PI identity mappings
- Retrieve selected PI identity mappings
- Retrieve all security identities
- Retrieve selected security identities
- Retrieve all security mappings
- Retrieve selected security mappings