Configure the authentication mode

Change the default authentication mode to allow local users and domain users to log on at runtime.
Prerequisites
To allow Active Directory users to authenticate, either:
  • Obtain the Active Directory domain name and server address.
  • Ensure that the Windows client is joined to the Active Directory domain.
To allow LDAP users to authenticate, obtain:
  • LDAP server address
  • Base64 CA certificate file exported from the Active Directory server or from a computer in the domain
TIP: FactoryTalk Optix Studio does not support LDAP over SSL (LDAPS).
  1. To configure the authentication mode
  2. In Project view, select the root node.
  3. In Properties, expand Authentication, and then in Authentication mode, select the authentication type that allows specific users to log on:
    • Model only. Users created in FactoryTalk Optix Studio.
    • Local only. Local machine users.
    • Domain only. Active Directory and LDAP users.
    • Domain and local. Active Directory, LDAP, and local machine users.
    • Any. Users of any type.
  4. (optional) Set DefaultUserFolder to change the default folder to contain user objects.
    TIP: The default folder to contain user objects is Security > Users. When a domain user logs in at runtime, a corresponding user object appears in the folder specified.
  5. If you intend to run your application on a client outside the Active Directory domain:
    1. In Default domain name, enter the default domain name for domain users that log on at runtime.
      TIP: To get the server address, enter this command in PowerShell: nslookup -type=srv _ldap._tcp.ftoptix.local, where ftoptix.local is the domain name of the Active Directory server, and copy the server DNS.
      If you leave Default domain name blank, the domain name is set based on the Active Directory domain joined by the Windows client.
    2. In Default server address, enter the Active Directory or LDAP server address.
      TIP: To get the server address, enter this command in PowerShell: nslookup -type=srv _ldap._tcp.ftoptix.local, where ftoptix.local is the domain name of the Active Directory server, and copy the internet address.
      If you leave Default server address blank, the Active Directory server address is set based on the Active Directory domain joined by the Windows client. If you do not specify the port in the server address, the default 389 port is used.
  6. In CA certificate file, select Browse and select the Base64 CA certificate file.
    TIP: To find items, start typing the item name to find in Select file.
    If the file does not appear in Select file, select Import file(s) and in Import file(s), select the file to import and then choose Select.
    TIP: If you leave CA certificate file blank, the local Windows machine is used to authenticate the user. CA certificate file is required to authenticate against a specific LDAP server or use a Linux client.
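The following PowerShell is an added example, not part of the product documentation, that checks the values needed for steps 5 and 6: it runs the same SRV lookup as the nslookup tip, tests that each advertised server and port is reachable, and inspects the CA certificate file. It assumes a Windows machine with the DnsClient cmdlets; `.\domain-ca.cer` is a placeholder path, and `ftoptix.local` is the sample domain used above.

```powershell
# Added example. Run on a Windows machine before filling in steps 5 and 6.
$Domain = 'ftoptix.local'      # sample domain name from this page
$CaFile = '.\domain-ca.cer'    # placeholder path to the exported Base64 CA certificate

# Same lookup as: nslookup -type=srv _ldap._tcp.<domain>
$srv = Resolve-DnsName -Name "_ldap._tcp.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }    # keep SRV answers, drop additional A/AAAA records

# Candidate values for "Default server address", with a reachability test per server
$srv | Sort-Object Priority | ForEach-Object {
    [pscustomobject]@{
        Server    = $_.NameTarget
        Port      = $_.Port
        Reachable = Test-NetConnection -ComputerName $_.NameTarget -Port $_.Port -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}

# The CA certificate file must be Base64 (PEM) text, not binary DER
$path = (Resolve-Path -Path $CaFile).Path
if ((Get-Content -Path $path -Raw) -notmatch '-----BEGIN CERTIFICATE-----') {
    throw "$path is not Base64 encoded; export it again as Base-64 encoded X.509."
}

# Report what the file contains so it can be compared with the domain's CA
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$bc   = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    IsCA       = [bool]($bc -and $bc.CertificateAuthority)   # basic constraints mark it as a CA
    NotAfter   = $cert.NotAfter
    Expired    = $cert.NotAfter -lt (Get-Date)
    Thumbprint = $cert.Thumbprint
}
```

Compare the reported thumbprint with the one shown for the CA certificate on the Active Directory server before importing the file into the project.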