Manage authentication
- Last UpdatedOct 02, 2024
- 1 minute read
The following authentication methods are listed in order from most secure to least secure (not recommended).
Before Data Archive 2016 R2, trusts were typically used to authenticate PI interfaces, while mappings were used for single sign-on for Windows users on Data Archive servers. With PI API 2016 for Windows Integrated Security, Windows authentication extends to PI interfaces.
We do not recommend using PI trusts or explicit logins for authentication. For a more secure environment, we recommend using Windows Integrated Security.
Note: PI API 2016 for Windows Integrated Security extends Windows authentication to API-based client applications. If you choose to install PI API 2016 for Windows Integrated Security, you can use only Windows Integrated Security for authentication. Both trusts and explicit logins will fail.
-
Windows User Accounts and Passwords
With this method of authentication, users log onto their Windows users accounts and are automatically authenticated on Data Archive. They do not need to enter a separate Data Archive account name and password. This is the most secure authentication method available on PI Server.
-
PI Trusts
PI trusts allow applications to access PI Server without typing in a user name and password. Do not use PI trusts for applications that support Windows authentication.
-
PI Server User Accounts and Passwords
With this method of authentication, users can log onto Data Archive by typing in a PI user account name and password. This is called an explicit login. Explicit logins are the least secure way to authenticate on Data Archive. Configure your Data Archive for Windows authentication and then disable explicit logins.