UAA Group Mappings

When a product with Proficy UAA is installed, it provisions Proficy UAA with the groups which the product uses. Access to the Proficy product and its features is managed in part by which of these UAA groups a user is a member of.

Users can gain membership to a UAA group by being directly added to the target group, or they can gain membership by being part of a group which is mapped to or a member of the target group. Two common cases for group mapping are:

• UAA group to UAA group: In the case of shared UAA, users of one Proficy product may be granted access to another Proficy product by mapping the UAA groups from the first product to UAA groups in the second product. One example of this is mapping Plant Application groups to Operations Hub groups.
• External IDP group to UAA group: In the case of external IDP integration, users in the external IDP may be granted access to a Proficy product by mapping the IDPs groups to the product’s Proficy UAA groups. One example of this is mapping LDAP groups to Operations Hub groups.

Group mapping and membership can be configured in the Connectivity section of the UAA Configuration Tool.