Authentication

Select the user authentication modes available at runtime and configure the required password policy for users defined in
FactoryTalk Optix Studio
.

Authentication modes

Depending on the authentication mode selected, these types of users may log on at runtime:
Users type
Description
Model
Users created in
FactoryTalk Optix Studio
.
Local
Local machine users.
Domain
Active Directory or LDAP users.
Domain users can log on to
FactoryTalk Optix Applications
by using these username conventions:
  • Username
  • DomainNameAlias
    \
    Username
  • DomainName
    \
    Username
  • Username
    @
    DomainName.domain
  • Username
    @
    UPNDomainName
OAuth 2.0
Users authorized with the OAuth 2.0 protocol with PKCE. For more information, see OAuth 2.0 Authorization Code Grant Type.
TIP:
FactoryTalk Optix Studio
uses RS256 tokens.
Depending on the client operating system, different authentication modes are supported:
Operating system
Model authentication
Local authentication
Active Directory authentication
LDAP server authentication
OAuth 2.0
Windows
Yes
Yes
Yes
Yes
Yes
Ubuntu 22
Yes
Yes
Yes

Domain users and groups mapping

New users and groups:
  • If a domain user logs on at runtime, a corresponding model user is created.
Existing users and groups:
  • Existing model groups are mapped with the corresponding domain groups.
  • Existing model users are mapped with the corresponding domain users if the model username matches the domain username and the domain variable under the user model node.
Edited group membership:
  • If a domain user is no longer in a domain group, the corresponding model user is removed from the corresponding model group.
  • If a domain user becomes a member of a domain group, the corresponding model user is added to the corresponding model group.
    The corresponding model user is added to the corresponding model group if the domain group exists in the model.
Removed users and groups:
  • If a domain user is removed from a group and the corresponding model user belongs to the model group, the user is removed from the model group after a successful log in.

Password policies

Enforce:
  • Minimum and maximum password age
  • Minimum password length
  • The necessity to set unique passwords
TIP: Password policies impact Model users only.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.