Exclude an identity provider from a role search
- Last Updated: Nov 13, 2025
- PI System
- PI Server 2024 R2
- PI Server
In certain scenarios, the AVEVA Identity Manager (AIM) can become unresponsive during a role search that is initiated by the AF Client through AF Server. To prevent a lockout from occurring, you can direct AIM to skip a role search for a particular identity provider.
The excludedProviders option is a manual setting that skips the role search for an identity provider during the authentication process. This option is located in the AFService.exe.config file.
Definition: The AFService.exe.config file contains a standard ADO.NET connection string that defines the location of the Microsoft Azure, Amazon RDS or SQL Server PI AF database, and the security mode used to connect to the database.
This file can be edited to reflect your PI AF database configuration and other settings.
It is important that only authorized users and the account used to run the PI AF Application Service have access to this file.
Note: Use caution when exempting an identity provider from the role search.
Perform the following steps to have the AVEVA Identity Manager skip the role search for one or more chosen identity providers.
- In Windows Explorer, navigate to the PIPC\AF folder on the PI AF Application Service computer.
- Use a text editor to open the AFService.exe.config file.
- Search for and locate the 'excludedProviders' setting in the AFService.exe.config file:
  <appSettings>
  ...
  <add key="excludedProviders" value=""/>
  ...
  </appSettings>
- Enter the provider, or a comma-separated list of providers, within the quotation marks after value=.
  Code example:
  <add key="excludedProviders" value="Windows, AzureAD, Microsoft EntraID"/>
- Save your changes.
- Restart the AF Service.
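One way to review the result of this procedure, as an added example that is not AVEVA's own tooling: the PowerShell script below reads the excludedProviders value from the file and lists the accounts that are allowed to write to it. The -ConfigPath and -ApprovedExclusions parameters are assumptions of this example; supply the full path to AFService.exe.config in your PIPC\AF folder.

```powershell
# Added example: audit excludedProviders and write access to AFService.exe.config.
param(
    # Full path to AFService.exe.config, supplied by the operator (assumption).
    [Parameter(Mandatory = $true)]
    [string]$ConfigPath,
    # Hypothetical allow-list: providers your change record permits excluding.
    [string[]]$ApprovedExclusions = @()
)

$ErrorActionPreference = 'Stop'

# Load the file as XML; a malformed edit fails here instead of at service restart.
$config = New-Object System.Xml.XmlDocument
$config.Load((Resolve-Path -LiteralPath $ConfigPath).ProviderPath)

$node = $config.SelectSingleNode("//appSettings/add[@key='excludedProviders']")
if ($null -eq $node) {
    Write-Warning 'No excludedProviders key found under <appSettings>.'
    $excluded = @()
} else {
    # The value is a comma-separated list: trim each entry and drop empty ones.
    $excluded = @($node.GetAttribute('value') -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })
}

if ($excluded.Count -gt 0) {
    Write-Output ('Providers excluded from role search: ' + ($excluded -join '; '))
} else {
    Write-Output 'Providers excluded from role search: (none)'
}

# Flag every exclusion that is not on the approved list.
$unexpected = @($excluded | Where-Object { $ApprovedExclusions -notcontains $_ })
foreach ($provider in $unexpected) {
    Write-Warning "Exclusion not on the approved list: $provider"
}

# List the identities that are allowed to modify the file, for review against
# the set of authorized users and the PI AF Application Service account.
$writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
(Get-Acl -LiteralPath $ConfigPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $writeData) } |
    Select-Object IdentityReference, FileSystemRights, IsInherited

# A non-zero exit code lets a scheduled task or monitoring job alert on drift.
if ($unexpected.Count -gt 0) { exit 1 }
```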