Create PI mappings

Note: This section doesn't apply if installing in an environment whose end users only use OpenID Connect authentication.

PI mappings and PI identities are the central components of the Data Archive security model. Together, mappings and identities determine which Windows users are authenticated on the Data Archive server and what access permissions users have. For more information about PI mappings, see the PI Server topic Mapping management.

1. Open PI System Management Tools (SMT).

2. Under Collectives and Servers, select the server.

3. Under System Management Tools, select Security > Identities, Users, & Groups.

4. Select the identity, user, or group that you want to map.

5. In the toolbar, click the properties button .

   The Properties window opens.

6. In the Properties window, select the Mappings and Trusts tab.

   The top portion of the window shows all existing mappings for this PI identity, user, or group. The bottom portion shows all existing PI trusts.

7. Select Add under the mappings portion of the window.

   The Add New Mapping window opens.

   Note: The Add button is disabled if the selected PI identity is flagged as disabled or not usable in a mapping.

8. Enter the Windows account for group or individual users.

   This can be an AD principal or a local Windows group or user. To select the account either:

   • Select the browse button to browse for the account.

   • Type in the account name for a group or individual users, and select the resolve SID button to verify that this is a valid account. If the account is valid, an SID appears in the field. Otherwise, a window with an error message opens.