Have You Seen Workflow Lately? Click here to check out all the new features in the latest version.

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2024 releases, by signing up for one of our upcoming events.

Home
Security
Domain-Based Security
Windows Domain-Based Security
You can use Windows domain user accounts to manage access to and within Workflow. You can also configure domain user accounts for automatic login on either a global basis or for individual computers.
Login and Logout Capabilities
Workflow access can be configured in multiple ways. You can configure automatic login and logout on individual computers, on all computers in your system, or on a subset of computers in your system. You can also retain manual login and logout on a global basis or on specific computers.
Security Log File
Workflow security generates a log of security-related actions taken by Workflow users. The security log file resides in the default log path and is called ProficySTS.LOG.

Workflow Products Documentation

Security
- Security Overview
- Users and Groups
- Domain-Based Security
  - Windows Domain-Based Security
    You can use Windows domain user accounts to manage access to and within Workflow. You can also configure domain user accounts for automatic login on either a global basis or for individual computers.
    - Windows Domain Users Logging into Workflow
      If you are using Windows user names and passwords within Workflow security, be aware that Windows user accounts must have the policy Access this computer from the network applied under the local security policy. By default, this policy is assigned to the groups Users and Everyone on the local machine.
    - Authenticate Windows Domain Users for Vision Calls
      Vision uses a token to make a secure call. For Windows authentication, the Proficy STS service needs to query the domain controller to retrieve groups that the user belongs to. This group information is used to validate the Windows user.
    - Password Expiration Considerations
      When Workflow security is synchronized with Windows security, passwords can expire.
    - Configuring Domain-Based Access Control to Workflow Functionality
      You can use active directory universal or global groups to control access to Workflow functionality.
    - Key Sets
      Key sets are groups of permissions, based on areas of operation within your facility, that define the operations a group of users can perform.
    - Login and Logout Capabilities
      Workflow access can be configured in multiple ways. You can configure automatic login and logout on individual computers, on all computers in your system, or on a subset of computers in your system. You can also retain manual login and logout on a global basis or on specific computers.
      - Automatic Login and Logout
        Automatic login and logout can be configured for individual workstations or for all workstations that are included in a global default configuration. You can configure automatic login for Windows users on individual computers or on a global basis. You can configure automatic login for Workflow users only on individual computers.
      - Manual Login and Logout
        Operators can log into Workflow manually using the Login dialog box. When the login dialog box appears, it allows operators to enter their login name and password.
      - Security Log File
        Workflow security generates a log of security-related actions taken by Workflow users. The security log file resides in the default log path and is called ProficySTS.LOG.
    - Workflow User Password Security
      Administrator users have the ability to make changes to the security settings in Workflow, including configuring lockout thresholds, re-enabling locked out user accounts, configuring password complexity, and determining whether or not users can change their passwords.

Security Log File

Workflow security generates a log of security-related actions taken by Workflow users. The security log file resides in the default log path and is called ProficySTS.LOG.

The information in the log file is displayed in chronological order. The security log file is a cumulative file; that is, all new security-based actions are appended to the bottom of the file. To avoid the log file growing too large, it is set to a maximum of 2 MB. If the content grows larger than that, it automatically deletes the oldest information to accommodate the new. You can also manually delete old information from the file.

By reviewing the log file, you can learn about:

who logged in and out.

unsuccessful attempts to access Workflow.

when someone attempted to access an area they had no privileges for.