Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI Builder (PI Server 2024 R2)

Sign on to PI Builder with claims-based authentication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Sign on to PI Builder with claims-based authentication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedDec 12, 2024
  • 2 minute read

You can use claims-based authentication via OpenID Connect (OIDC) to access PI Asset Framework (AF) server and Data Archive. OIDC uses an Identity Management service to verify a user's identity and then grant access to AF client and Data Archive resources via access tokens. The AVEVA Identity Manager is the provided identity service for PI Server 2024.

Once you have successfully signed on using OIDC, the same access token is used to authenticate and gain access to other PI server resources. If a server does not use OIDC authentication, it defaults to Windows authentication.

If your organization does not use OIDC for authentication, you can still use Windows authentication to connect to PI Server resources.

Tip: Select the Remember my Choice option in the PI AF Server Authentication Mode dialog to set OpenID Connect or Windows as the preferred authentication method, and bypass the dialog in future connections to the PI AF server. 

Prerequisite

Your PI administrator must have created and assigned a user account to an Identity Server role, and created a mapping to the role from an AF identity.

Sign on with OIDC

  1. Open Microsoft Excel.

  2. Click the PI Builder menu tab.

  3. On the PI Builder tab, click Elements, then click Find Elements.

    Note: You can also retrieve PI point data and log into a claims-aware Data Archive using OIDC.

    The PI AF Server Authentication Mode dialog opens.

    The Authentication mode dialog box showing Open ID Connect as the selected authentication mode

  4. To choose an authentication mode for connecting to the PI AF server, select the Authentication down arrow, then choose one of the two available authentication options:

    • OpenID Connect Authentication

    • Windows Authentication

  5. Optional: To save the option you selected in the previous step as the preferred authentication method when connecting to the PI AF server, select the Remember my Choice option.

    The selected authentication method is set to always in the AFSDK.config file. The next time you access PI AF server resources in PI Builder, this method is used for authentication.

  6. Select OK.

    If you selected Windows authentication, the Element Search window opens.

    If you selected OpenID Connect Authentication, the Connecting to AIM Server dialog opens, and then the AVEVA Identity Manager browser window opens.

    Note: To cancel authentication with the AIM server, select Cancel. To reconnect using OIDC, close the browser window and then retry the connection in PI Builder.

  7. In the AVEVA Identity Manager browser window, enter your user name and password, then select Sign In.

  8. In the second browser window, select Yes, Allow.

    After successful authentication, an access token is returned to the AF SDK and then the Element Search window opens.

In This Topic
TitleResults for “How to create a CRG?”Also Available in