Authentication
Select the user authentication modes available at runtime and configure the required password policy for users defined in
FactoryTalk Optix Studio
.Authentication modes
Depending on the authentication mode selected, these types of users may log on at runtime:
Users type | Description |
---|---|
Model | Users created in FactoryTalk Optix Studio . |
Local | Local machine users. |
Domain | Active Directory or LDAP users. Domain users can log on to FactoryTalk Optix Applications by using these username conventions:
|
OAuth 2.0 | Users authorized with the OAuth 2.0 protocol with PKCE. For more information, see OAuth 2.0 Authorization Code Grant Type.
TIP:
FactoryTalk Optix Studio uses RS256 tokens. |
Depending on the client operating system, different authentication modes are supported:
Operating system | Model authentication | Local authentication | Active Directory authentication | LDAP server authentication | OAuth 2.0 |
---|---|---|---|---|---|
Windows | |||||
Ubuntu 22 |
Domain users and groups mapping
New users and groups:
- If a domain user logs on at runtime, a corresponding model user is created.
Existing users and groups:
- Existing model groups are mapped with the corresponding domain groups.
- Existing model users are mapped with the corresponding domain users if the model username matches the domain username and the domain variable under the user model node.
Edited group membership:
- If a domain user is no longer in a domain group, the corresponding model user is removed from the corresponding model group.
- If a domain user becomes a member of a domain group, the corresponding model user is added to the corresponding model group.The corresponding model user is added to the corresponding model group if the domain group exists in the model.
Removed users and groups:
- If a domain user is removed from a group and the corresponding model user belongs to the model group, the user is removed from the model group after a successful log in.
Password policies
Enforce:
- Minimum and maximum password age
- Minimum password length
- The necessity to set unique passwords
TIP:
Password policies impact Model users only.
Provide Feedback