About User Account and Authentication (UAA)
In Historian, user authentication is handled using User Account and Authentication (UAA). UAA provides identity-based security for applications and APIs. It supports open standards for authentication and authorization, including OAuth2.
When a user is created, modified, or deleted in Historian, the associated user account is created, modified, or deleted in the UAA instance, respectively.
Note: This is done in the backend automatically. Therefore, most users will not require knowledge of UAA to perform basic user management, except when additional configuration is required.
To use UAA, you can choose between the following options while installing Web-based Clients:
- Use a local UAA service: Use this option if you want to create a local Historian UAA instance. This is the default option. You can create this while installing Web-based Clients.
- Use a remote UAA service: Use this option if you are currently using a UAA service on a remote machine. This UAA service can be Historian UAA or any other UAA service (such as Operations Hub UAA). You can then manage these users in Web-based Clients. The users in the remote UAA service can then use Web-based Clients.
This section describes how to use the UAA IdP Configuration tool to map remote
UAA groups, LDAP groups, and LDAPS groups with the Historian UAA groups. For
information on creating UAA groups and users using the UAA IdP Configuration
tool, refer to:
- https://www.ge.com/digital/documentation/uaa/version2022/c_uaa_about_uaa_groups.html
- https://www.ge.com/digital/documentation/uaa/version2022/c_uaa_about_uaa_users.html
Note: Mapping SAML groups is not supported.