About named credentials

The Credentials tab lets you add login credentials that some AVEVA OMI ViewApps may need for access to third-party data and applications that do not support standard authentication methods, such as Windows OS credentials, Active Directory, OpenID Connect, or other standard authentication method.

Initially, a galaxy does not include any credentials. Credentials are created on a galaxy-wide basis, not for individual ViewApps. Although you enter credentials as plain text, the credentials are encrypted when saved, and the credentials are sent to run-time nodes as encrypted data.

Each credential you create is associated with one and only one OS user group. In order to create credentials, OS group-based or OS user-based security must be configured. The credentials you create here are associated with an OS group name. When a user logs into a ViewApp that has an app with a configured credential, the logged-in user obtains access to the credential, provided that the user is associated with the same OS group that matches the OS group for the credential. For example, if you create a credential that is associated with the OS group "Operators," a user that is also a member of "Operators" has access to that credential.

App developers can use the AVEVA OMI SDK to include a dropdown menu that lists configured credentials. When you add an app that uses credentials to a layout, you can select one of the credentials as you configure the app. This is the credential that the app will use at run time, when deployed in a ViewApp. Only one credential can be configured per layout, and users cannot select a different credential from the running ViewApp.

Note: Credentials are supported only when OS User based or OS Group based authentication mode is enabled. If authentication mode is set to None or Galaxy, you cannot add or delete credentials, even if the credentials were created while the authentication mode was set to OS User or OS Group.