Understand why you need to retire PI trusts

After replacing any existing PI trusts with PI mappings, retire all PI trusts as an authentication model.

Prior to the availability for Windows authentication on PI API enabled by the release of PI API 2016 for Windows Integrated Security, PI trusts were typically used to authenticate API-based client applications that ran unattended, such as PI interfaces. Trust authentication works by comparing the connection credentials of the connecting application to the trust records in the trust database. Human intervention is not required at the time of connection. PI trust authentication is a weak form of authentication compared to Windows authentication, and is not recommended.

For information about retiring PI trusts, see Task 6: Retire PI trusts.