Step 6. Enable Automatic Log Ins

About this task

Windows authentication can be enabled or disabled whether or not Windows groups have been selected in the Windows Authentication window.

Enable/Disable Windows Authentication

About this task

The following steps describe how to enable Windows Authentication in CIMPLICITY, and the options available when you do (Allow Configuration Auto Login and Allow Auto Login).

Procedure

Open the Windows Authentication dialog box.
Select Enable Windows Authentication.
The following options become available: Allow Configuration Auto Login and Allow Auto Login.
Note: If only Enable Windows Authentication is selected and if the Windows user is a member of a selected group, CIMPLICITY will:
- Open a CIMPLICITY Login dialog box.
- Check the Windows/password credentials.
- Look for the user in the Selected Groups.
- Give the user CIMPLICITY/Proficy Change Management (PCM) access based on the first group in which the user is found.

Select one of the following configurations:

Allow Auto Login	Allow Configuration Auto Login	Description
Checked	Clear	If the Windows user is a member of a selected group, CIMPLICITY will: Look for the user in the Selected Groups. Automatically log in the user to CIMPLICITY based on the first group in which the user is found. Assign the user the role/resources assigned to that group. Users have to manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled and to manually log into Proficy Change Management (PCM). Users have to: Manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled. Manually log into Proficy Change Management
Checked	Checked	Users can potentially be automatically logged into: CIMPLICITY configuration. CIMPLICITY runtime. Proficy Change Managements (PCM) projects.
Clear	Checked	When Windows Authentication is enabled, Windows Authentication: Reads the current logged in Windows user. Does the following if the user is new to CIMPLICITY/not listed in the project: Prompts the user for a CIMPLICITY valid name/password. Creates a CIMPLICITY user based on the valid name/password. Assigns the user the role/resources assigned to the Windows Authentication group that the user is in. Automatically logs the user into CIMPLICITY based on the first Windows Authentication group in which the user is found. Automatically logs the user into CIMPLICITY based on the first Windows Authnetication group in which the user is found. Users are: Automatically logged into CIMPLICITY to do configuration even if CIMPLICITY Configuration Security is enabled. A failure message may display for a user who does not have Workbench privileges; a Configuration Login dialog box will open to prompt the user for valid credentials. A Valid user can enter either of the following in the Configuration Login dialog box: `<domain>/<username>` `<username>` Automatically logged into a Proficy Change Management (PCM) project. The automatic logon applies only to PCM project properties, not to PCM computer properties. An automatic PCM logon can occur based on selections in the Project Properties dialog box>Change Management tab: As soon as the Workbecnh starts up if Logon at Workbench startup is checked. If Prompt for user name and password at logon is not checked. Based on whether or not a username/password that is entered for CIMPLICITY/PCM is valid or invalid. Important: Close and reopen the Workbench after Allow Configuration Auto Login is checked.

Allow Auto Login

Allow Configuration Auto Login

Description

Checked

Clear

If the Windows user is a member of a selected group, CIMPLICITY will:

Look for the user in the Selected Groups.
Automatically log in the user to CIMPLICITY based on the first group in which the user is found.
Assign the user the role/resources assigned to that group. Users have to manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled and to manually log into Proficy Change Management (PCM).

Users have to:

Manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled.
Manually log into Proficy Change Management

Checked

Users can potentially be automatically logged into:

CIMPLICITY configuration.
CIMPLICITY runtime.
Proficy Change Managements (PCM) projects.

Clear

Checked

When Windows Authentication is enabled, Windows Authentication:

Reads the current logged in Windows user.
Does the following if the user is new to CIMPLICITY/not listed in the project:
- Prompts the user for a CIMPLICITY valid name/password.
- Creates a CIMPLICITY user based on the valid name/password.
- Assigns the user the role/resources assigned to the Windows Authentication group that the user is in.
- Automatically logs the user into CIMPLICITY based on the first Windows Authentication group in which the user is found.
- Automatically logs the user into CIMPLICITY based on the first Windows Authnetication group in which the user is found.

Users are:

Automatically logged into CIMPLICITY to do configuration even if CIMPLICITY Configuration Security is enabled.
A failure message may display for a user who does not have Workbench privileges; a Configuration Login dialog box will open to prompt the user for valid credentials.
A Valid user can enter either of the following in the Configuration Login dialog box:
- <domain>/<username>
- <username>
Automatically logged into a Proficy Change Management (PCM) project.
- The automatic logon applies only to PCM project properties, not to PCM computer properties.
- An automatic PCM logon can occur based on selections in the Project Properties dialog box>Change Management tab:
  - As soon as the Workbecnh starts up if Logon at Workbench startup is checked.
  - If Prompt for user name and password at logon is not checked.
  - Based on whether or not a username/password that is entered for CIMPLICITY/PCM is valid or invalid.

Important: Close and reopen the Workbench after Allow Configuration Auto Login is checked.

Windows Authentication Guidelines

When a user:
- Attempts to log into CIMPLICITY, if the Windows user name/password are not valid or CIMPLICITY does not find the user in any of the groups, the user is denied CIMPLICITY access.
- Logs into CIMPLICITY for the first time using Windows authentication, that user is automatically added to CIMPLICITY's list of users.
- Is listed in the CIMPLICITY list, user specifications can be modified the same way as for any other user.
When the new Windows Authentication module tries to validate a user with auto log in, If Windows Authentication does not have a valid user/password to use to query the domain controller, it uses the current user that the process is running under.
On a default installation Windows authentication runs as a system user; depending on how the domain is set up there is a good chance that the system user will not have the ability to query the domain.
To make sure Windows authentication can query the domain:

Procedure

Open the Services control panel.
Make the CIMPLICITY HMI service run under a domain account that has privileges to query the domain.