HistorianAbout Proficy Authentication
In Historian, user authentication is handled using Proficy Authentication, which provides user account and authentication (UAA) service. Proficy Authentication provides identity-based security for applications and APIs. It supports open standards for authentication and authorization, including Oauth2.
When a user is created, modified, or deleted in Historian, the associated user account is being created, modified, or deleted in the Proficy Authentication instance, respectively.
Note: This is done in the backend automatically. Therefore, most users will not require knowledge on UAA to perform basic user management, except when additional configuration is required.
To use Proficy Authentication, you can choose between the following options while
installing Web-based Clients:
- Use a local Proficy Authentication service: Use this option if you are want to create a local Proficy Authentication instance. This is the default option. You can create this while installing Web-based Clients.
- Using a remote Proficy Authentication service: Use this option if you are currently using a Proficy Authentication service on a remote machine. You can install this service using Historian Web-based Clients, or you can use any other UAA service (such as Proficy Authentication installed using Operations Hub). You can then manage these users in Web-based Clients. The users in the remote Proficy Authentication service can then use Web-based Clients.
This section describes how to use the Proficy Authentication IdP Configuration
tool to map remote Proficy Authentication groups, LDAP groups, and LDAPS
groups with the Proficy Authentication groups. For information on creating
groups and users using the Proficy Authentication IdP Configuration tool,
refer to:
- https://www.ge.com/digital/documentation/uaa/c_uaa_about_uaa_groups.html
- https://www.ge.com/digital/documentation/uaa/c_uaa_about_uaa_users.html
Note: Mapping SAML groups is not supported.