Checklist: Configure OIDC for new installations
- Last UpdatedSep 03, 2025
- 1 minute read
- PI System
- PI Server 2024 R2
- PI Server
This table lists the basic steps for configuring a newly installed Data Archive server with OpenID Connect (OIDC), also called claims-based authentication.
|
Step |
Notes |
|
Identify user access categories |
|
|
Create a PI identity for each access category (you can also use built-in identities, users, or groups, such as piadmins) |
|
|
After installing and configuring the AVEVA Identity Manager and registering all installed PI components, determine which identity provider(s) (AVEVA Connect or Windows AD) are being used on the configured AIM Server |
Install and configure the AVEVA™ Identity Manager Register PI Server components with the AVEVA Identity Manager |
|
Determine which AD groups are needed and which identities to map them to |
(if using AD) See Review AD configuration |
|
Determine which local Windows groups are needed and which identities to map them to |
(only if using local Windows security) See Configure Windows groups |
|
Determine what identity provider roles and/or client IDs are needed and which identities to map them to |
|
|
Create the mappings |
|
|
Configure access permissions |
|
|
Configure authentication for interfaces |
|
|
Upgrade PI SMT to version 7.0 or later (PI SMT 2023) |
(only for installations with existing clients & interfaces) See Administrative client applications |