×

Have You Seen Workflow Lately? Click here to check out all the new features in the latest version.

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2024 releases, by signing up for one of our upcoming events.

Home
Security
Domain-Based Security
Windows Domain-Based Security
You can use Windows domain user accounts to manage access to and within Workflow. You can also configure domain user accounts for automatic login on either a global basis or for individual computers.
Workflow User Password Security
Administrator users have the ability to make changes to the security settings in Workflow, including configuring lockout thresholds, re-enabling locked out user accounts, configuring password complexity, and determining whether or not users can change their passwords.
Configure Workflow user login limits
At any time after installation, you can use the Configure Security tool to configure Workflow user login limits.

Workflow Products Documentation

Security
- Security Overview
- Users and Groups
- Domain-Based Security
  - Windows Domain-Based Security
    You can use Windows domain user accounts to manage access to and within Workflow. You can also configure domain user accounts for automatic login on either a global basis or for individual computers.
    - Windows Domain Users Logging into Workflow
      If you are using Windows user names and passwords within Workflow security, be aware that Windows user accounts must have the policy Access this computer from the network applied under the local security policy. By default, this policy is assigned to the groups Users and Everyone on the local machine.
    - Authenticate Windows Domain Users for Vision Calls
      Vision uses a token to make a secure call. For Windows authentication, the Proficy STS service needs to query the domain controller to retrieve groups that the user belongs to. This group information is used to validate the Windows user.
    - Password Expiration Considerations
      When Workflow security is synchronized with Windows security, passwords can expire.
    - Configuring Domain-Based Access Control to Workflow Functionality
      You can use active directory universal or global groups to control access to Workflow functionality.
    - Key Sets
      Key sets are groups of permissions, based on areas of operation within your facility, that define the operations a group of users can perform.
    - Login and Logout Capabilities
      Workflow access can be configured in multiple ways. You can configure automatic login and logout on individual computers, on all computers in your system, or on a subset of computers in your system. You can also retain manual login and logout on a global basis or on specific computers.
    - Workflow User Password Security
      Administrator users have the ability to make changes to the security settings in Workflow, including configuring lockout thresholds, re-enabling locked out user accounts, configuring password complexity, and determining whether or not users can change their passwords.
      - Modify Administrator user account
        At any time after installation, you can use the Configure Security tool to change the Administrator user login credentials. If password complexity is enabled and configured, the Administrator password must follow the same rules as defined for user passwords.
      - Configure GE Single Sign on (SSO)
        At any time after installation, you can use the Configure Security tool to configure GE Single Sign On (SSO) to be used at your site.
      - Configure Web HMI Access
        You can configure Web HMI access during installation or upgrade or use Configuration Tools to connect to Web HMI post-installation.
      - Allow users to change account passwords
        At any time after installation, you can use the Configure Security tool to allow Proficy users to change their password. This capability is available only at login time.
      - Configure Workflow user login limits
        At any time after installation, you can use the Configure Security tool to configure Workflow user login limits.
      - Configure Workflow user password complexity rules
        At any time after installation, you can use the Configure Security tool to configure Workflow user password complexity rules. Complexity rules do not affect existing passwords. However, if a user changes his password, the complexity rules will apply.
      - Password Security Configuration
        When you install Workflow, you are required to set up an Administrator user and you have to option to configure user authentication settings. At any time after installation, you can use the Configure Security tool to change the Administrator user login credentials, GE Single Sign On (SSO), enable users to change their password, configure login limits, and configure password complexity.

Configure Workflow user login limits

At any time after installation, you can use the Configure Security tool to configure Workflow user login limits.

About this task

If you are upgrading from a previous version of Workflow, you must use this tool to configure the password security features. Account lockout is enabled by default during the installation process.

Important: When you use the Configure Security tool to make changes to password security, you must re-enter and confirm the Administrator user's password before you can save your changes.

Procedure

On the server computer, click Start > All Programs > General Electric > Workflow > Configuration > Configure Security.
The Security page appears.
Select the Enforce user lockout check box, and then set the lockout threshold, duration, and timeframe values. This check box is selected by default.
1. In the Lockout threshold field, enter a number from 1 through 100 to indicate the number of consecutive failed login attempts can be made before the Workflow user account is locked out. The default lockout threshold is 5.
2. In the Lockout duration field, enter a number from 0 through 10,000 to indicate that the locked out account will remain locked out for the defined number of minutes. A value of 0 means that the account is locked out indefinitely and must be reactivated by an Administrator user. The default lockout duration is 30 minutes.
3. In the Lockout timeframe field, enter a value from 1 through 10,000 to indicate that the failed login count will be reset after the defined number of minutes after the last failed login attempt. A successful login after this duration has passed resets the window to this value. The default window size is 30 minutes.
Click Save, and then click Exit.