Secure InTouch Web Client access
- Last Updated: Apr 23, 2025
Configuring the System Management Server (SMS) allows InTouch Web Client to be used securely over the HTTPS protocol. After the SMS is configured, InTouch Web Client can also be used with the AVEVA Identity Manager (AIM) to support non-Windows-based security and single sign-on. As an administrator, you have multiple configuration options for user authentication and security. Security and user management should work together; see Configure user access in InTouch Web Client for more information.

Option 1: By default, InTouch Web Client can be accessed using the HTTP protocol and Windows-based authentication.
Option 2: Use the Configurator to connect to a local or remote System Management Server. The InTouch Web Client will then use the HTTPS protocol with Windows-based security (by default). If you connect to a remote server, you must provide credentials for a domain user when accessing the Web Client.
Option 3: After you configure the System Management Server, you can optionally enable the AVEVA Identity Manager (AIM). AIM is a standalone authentication server that exposes an OpenID Connect endpoint. To use AIM, you must register the client to the identity server. You can configure AIM using the System Management Server Configurator or InTouch HMI Application Manager. For more information, see Register with the AVEVA Identity Manager.
At runtime, when the InTouch Web Client page loads and there is no valid security token:
- Web Client will redirect to AIM’s login page.
- AIM will check the user's credentials against Active Directory.
- If the credentials are valid, then Active Directory will provide a security token and return it to Web Client.
- Web Client will then grant access to the user with the token.
If a security token already exists, then the user will be granted access. AIM will only support users that can be validated from Active Directory.
Option 4: The Reverse Proxy option allows the InTouch Web Client to be accessed by users outside the OT network. Provide the FQDN of the reverse proxy server in the secure gateway field in the Configurator or the Web Client tab in InTouch HMI Application Manager.
Option 5: When AIM is used for user authentication, it will prevent graphics from being displayed in an iFrame. Selecting the Allow web client to be embedded in any website checkbox will allow users to display graphics within an iFrame in runtime. In runtime, use the Share icon and select the code snippet to insert in the iFrame.
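
The following check is an added example, not AVEVA's code, for verifying the outcome of Options 1, 3 and 5 from a response captured for a request that carried no security token. It assumes that the redirect to AIM is an HTTP 3xx and that framing is controlled through the standard `X-Frame-Options` or `Content-Security-Policy: frame-ancestors` headers (the page names neither mechanism); all hostnames and paths are constructed placeholders.

```python
from urllib.parse import urlsplit

def frame_policy(headers):
    """Classify framing as 'blocked', 'restricted' or 'any' from the two
    standard anti-framing headers (assumed mechanism; the page names none)."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "blocked"
            return "any" if "*" in sources else "restricted"
    xfo = h.get("x-frame-options", "").strip().lower()
    return {"deny": "blocked", "sameorigin": "restricted"}.get(xfo, "any")

def audit(url, status, headers, aim_host, embedding_enabled=False):
    """Findings for one response to a request that carried no security token."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("plain http: Option 1 default still in effect")
    h = {k.lower(): v for k, v in headers.items()}
    # Assumption: the redirect to the AIM login page is an HTTP 3xx.
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(h.get("location", ""))
        if target.hostname != aim_host:
            findings.append("redirect does not point at the AIM host")
        elif target.scheme != "https":
            findings.append("AIM login redirect is not https")
    else:
        findings.append("no redirect to AIM login for a token-less request")
    if frame_policy(headers) == "any" and not embedding_enabled:
        findings.append("framable by any site although embedding is not enabled")
    return findings

# Constructed sample responses (hostnames are placeholders, not product defaults).
HARDENED = ("https://hmi.example.test/webclient", 302, {
    "Location": "https://aim.example.test/login",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"})
DEFAULT = ("http://hmi.example.test/webclient", 200, {"Content-Type": "text/html"})

if __name__ == "__main__":
    for url, status, headers in (HARDENED, DEFAULT):
        print(url, audit(url, status, headers, "aim.example.test") or "ok")
```

Pass `embedding_enabled=True` when the Allow web client to be embedded in any website checkbox is selected, so that a permissive framing policy is not reported as a finding.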