Authentication Provider Configuration
- Last Updated: Jul 08, 2022
To configure an Authentication Provider, the node must be configured as either the System Management Server node, or as a redundant SSO node. As an Authentication Provider, the node uses Azure Active Directory as the identity provider and allows Single Sign-On (SSO) for System Platform users via their Microsoft-managed credentials.
Users log in to the Authentication Provider through the AVEVA Identity Manager, a standalone authentication server. See Configure the AVEVA Identity Manager for details.
Note: For a galaxy to utilize an external Authentication Provider, the SMS server must be configured on a deployed platform (for example, a GR node), or at least one deployed platform should be configured as a Redundant SSO server. Deployed platforms include GR nodes, IDE nodes, and AppEngine (run-time) nodes.
- Click the checkbox to enable the node as an Authentication Provider. Then, configure the Token Host as described below.
- Leave this option disabled if you are not using Azure AD, then click Configure. When the checkbox is unchecked (disabled), the fields to configure the Token Host are hidden.

To configure the Token Host, enter the following information:
- Endpoint: Copy the OpenID Connect metadata document from the Endpoints section (under Overview) of the application page on the Azure Portal. Do not include the portion of the OpenID Connect metadata after "v2.0". See Collect Azure AD Configuration Information for details.
- Client ID: If you did not save this when you were creating your application, you can copy the Application (client) ID from the Essentials section (under Overview) of the application page on the Azure Portal.
- Client Secret: This refers to the secret value. If you did not save the value when you were creating your application, you may need to create a new secret from the Certificates & Secrets page of the Azure Portal. If the value is not being displayed, there is no way to retrieve it.
When you have entered all required information, click Configure, then proceed as prompted.
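
A pre-flight check for the three Token Host values, written for this page as an added example (it is not AVEVA or Microsoft code). It trims the metadata document URL so that it ends at "v2.0" and flags a Client Secret that looks like a secret ID instead of the secret value. Assumptions: the endpoint is an https URL, the Application (client) ID and the secret ID are GUIDs, and every sample value below is constructed.

```python
import re
from urllib.parse import urlsplit

# 8-4-4-4-12 hex GUID, the shape assumed for the client ID and the secret ID.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def token_host_endpoint(metadata_url):
    """Trim an OpenID Connect metadata document URL so it ends at 'v2.0'."""
    parts = urlsplit(metadata_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an https URL")
    segments = parts.path.split("/")
    if "v2.0" not in segments:
        raise ValueError("no 'v2.0' path segment found")
    keep = segments[: segments.index("v2.0") + 1]
    # Query string and fragment are dropped along with the trailing path.
    return "https://" + parts.netloc + "/".join(keep)


def check_token_host(metadata_url, client_id, client_secret):
    """Return (endpoint, problems) for the three Token Host fields."""
    endpoint, problems = None, []
    try:
        endpoint = token_host_endpoint(metadata_url)
    except ValueError as exc:
        problems.append("Endpoint: %s" % exc)
    if not GUID.match(client_id.strip()):
        problems.append("Client ID: not a GUID; copy the Application (client) ID")
    secret = client_secret.strip()
    if not secret:
        problems.append("Client Secret: empty")
    elif GUID.match(secret):
        # A GUID here usually means the secret ID was copied, not the value.
        problems.append("Client Secret: looks like a secret ID, not the secret value")
    return endpoint, problems


if __name__ == "__main__":
    # Constructed sample input; none of these identify a real tenant or app.
    url = ("https://login.microsoftonline.com/"
           "11111111-2222-3333-4444-555555555555/v2.0/.well-known/openid-configuration")
    endpoint, problems = check_token_host(
        url, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed~secret.value-not-real")
    print(endpoint)
    print(problems or "no problems found")
```

Avoid passing a real Client Secret on a command line or storing it in a script; read it from a prompt or a secrets store when adapting this check.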