Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Application Server

TABLE OF CONTENTS

Authentication modes

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedSep 10, 2024
  • 3 minute read

Enable security for a Galaxy by selecting one of four authentication modes:

  • Galaxy: Uses local Galaxy configuration to authenticate users. All security for the Galaxy is specified and contained at the specific Galaxy level. When the user logs on, security credentials are checked and access to areas and activities is granted at the Galaxy level.

    Note: If you are implementing a multi-Galaxy environment or creating credentials for ViewApps, Galaxy authentication mode is not supported. Use one of the OS-based authentication modes instead. See The multi-galaxy environment and About named credentials for more information.

    You cannot use Galaxy authentication mode if you use the OMI web client. See the OMI help file for more information about the OMI web client.

  • OS User Based: Uses the operating system's user authentication system on an individual user level. All security for the Galaxy is specified and contained in the operating system (OS) on a user level basis. When the user logs on, security credentials are checked and access to areas and activities are decided at the OS user level.

  • OS Group Based: Uses the operating system's user authentication system on a group basis. All security for the Galaxy is specified and contained in the user-to-roles mapping you created in the OS to assign security. When a user logs on, security credentials are checked and verified at the OS group level. OS groups are mapped to security roles in the Galaxy to allow access to areas and activities in the Galaxy. For more information, see About OS group-based security.

  • Authentication Providers: Uses the AVEVA Identity Manager (AIM) to create a unified security management infrastructure across your local System Platform nodes and Azure VMs by leveraging operating system security and using either Azure Active Directory (AD) or CONNECT as the user authentication provider.

    • To use Azure AD as your authentication provider, you must have an Azure AD account available in the Azure portal. See Configure Azure AD as an Identity Provider for guidance about creating an account. The identity manager is normally configured during System Platform installation. See Common Platform Services for details.

    • To use CONNECT your authentication provider, you must have an CONNECT account.

The AVEVA Identity Manager (AIM) is a Platform Common Service (PCS) that creates a unified security management infrastructure across your local System Platform nodes and Azure VMs by leveraging operating system security and an external authentication provider.

Note: If you are using OS user-based security or OS group-based security and you have permissions to use the IDE, the Log In dialog box does not appear.

Important: Do not use the "Administrator" user account to log in to Application Server, InTouch ViewApps, or other System Platform components. "Administrator" is a reserved System Platform name. Some modules of Application Server and System Platform view "Administrator" as a system admin, while other modules view it as a Galaxy admin.

Galaxy migration to support connected experience

When you open an existing galaxy that was configured with the security mode set to Authentication providers (using Azure AD), you must set the security mode to “None” (when in non-connected mode), prior to opening the galaxy in connected experience mode. Connected experience mode is enabled and disabled under License Mode, in the System Platform Configurator. See the System Platform Installation Guide for details.

TitleResults for “How to create a CRG?”Also Available in