
Application Server

Federated Identity Provider

  • Last Updated: Dec 19, 2024

Federated identity is a method of connecting a user’s identity across multiple separate identity management systems. Users can move between systems while maintaining security. It allows authorized users to access multiple applications and domains using a single set of credentials.

The Federated Identity Provider plugin registers the on-prem AIM server with the external identity provider (Azure AD or CONNECT), establishing a trust-based relationship between them. User authentication is delegated to the external identity provider.

When you launch an AVEVA product on a node that’s configured to be a connected experience node, you are prompted to authenticate via one of the two authentication user experiences (as configured) using your federated ID with CONNECT. This requires your Active Directory to be federated or synced with your CONNECT account. AIM acts as a middle layer for all the session and authentication redirects and capabilities.

All on-prem Operations Control products are required to use AIM as a local identity provider to run in Operations Control mode. AIM is configured to federate with CONNECT and CONNECT is federated with your identity provider. All cloud services use CONNECT as an identity provider, and it can be configured to federate to your Azure AD or other identity provider.

Set up a federated identity provider in the Configurator

Before you register your product with a federated identity provider, ensure the following:

  • Enable AVEVA Operations Control connected experience as your license mode

  • Configure System Management Server (SMS)

For more information refer to the following links:
