|
How users, passwords, and roles are managed depends entirely on the type of authentication profile in question. There may be multiple authentication profiles defined. To know what kind of authentication profile is governing what, follow these simple steps:
| 1. | To manage users and passwords for logging into the Gateway Configuration section, you'll need to see what authentication profile is currently set as the Gateway's authentication profile. You can check this under Configuration > Gateway Settings by looking at the System Authentication Profile field and the Gateway Config Role(s) field. |
| 2. | To manage users and passwords for logging into the Designer, you follow the same steps as in #1, except that you need to look at the Designer Role(s) field to see what roles are allowed to log into the designer. |
| 3. | To manage users and passwords for logging into a Vision Client, you go to the Configuration > Projects section. Look at the project in question and you can find its authentication profile listed there. |
| 4. | Now that you know what authentication profile you need to manage, you can find out what kind it is under the Security > Authentication section. |
Now that you know what kind of authentication profile you're dealing with, you can learn how to manage the users, passwords, and roles for each.
| 1. | Internal authentication profiles are the easiest to manage, because you do it all from within the Gateway's web configuration interface. Simply click on the manage users link to the right of the profile, and you can use the interface to add users, roles, and assign users to the various roles. |
| 2. | Database authentication profiles are typically used because you want to be able to manage the users and roles externally by reading and writing to an external database. Because this is the kind of thing a Vision Client does so well, this authentication profile type is often used for projects that require user management from within the Client application itself. |
| 3. | Active Directory authentication profiles are chosen because it is I.T.'s role to manage the users and groups. They have tools to do so, and this cannot be done from within Ignition. |
| 4. | AD/Internal Hybrid authentication profiles are a compromise between Active Directory and Internal profile types. Users and passwords are handled by Active Directory - a user must be able to authenticate correctly with the Active Directory service in order to log in. Roles, however, are managed internally, just like in the Internal profile type by clicking on the manage users link. To assign roles to a user, you add a user with the same username that Active Directory would authenticate with, and then assign any roles to them. |
| 5. | AD/Database Hybrid authentication profiles are a compromise between Active Directory and Database profile types. Just like the AD/Internal hybrid - active directory is used to handle the username and password verification. If a user authenticates correctly against active directory, their roles are retrieved from an external database connection, just like in the Database authentication profile type. |
|