Group Mappings

When a product with Proficy Authentication is installed, it provisions Proficy Authentication with the groups which the product uses. Access to the Proficy product and its features is managed in part by which of these Proficy Authentication groups a user is a member of.

Users can gain membership to a Proficy Authentication group by being directly added to the target group, or they can gain membership by being part of a group which is mapped to or a member of the target group. Two common cases for group mapping are:

• Proficy Authentication group to Proficy Authentication group: In the case of shared Proficy Authentication, users of one Proficy product may be granted access to another Proficy product by mapping the Proficy Authentication groups from the first product to Proficy Authentication groups in the second product. One example of this is mapping Plant Application groups to Operations Hub groups.
• External IDP group to Proficy Authentication group: In the case of external IDP integration, users in the external IDP may be granted access to a Proficy product by mapping the IDPs groups to the product’s Proficy Authentication groups. One example of this is mapping LDAP groups to Operations Hub groups.

Group mapping and membership can be configured in the Connectivity section of the Proficy Authentication.