
How To: Use Active Directory® Authentication with FactoryPMI™

Microsoft’s Active Directory authentication technology is secure and in widespread use throughout the industrial landscape. By using Active Directory authentication in FactoryPMI, you ensure that access to your HMI/SCADA application is governed by a well-maintained, secure authentication source. In addition, compliance with the FDA’s 21 CFR Part 11 mandates that you use Active Directory! FactoryPMI has long supported Active Directory authentication. With FactoryPMI version 2.2.0, this support just got easier to configure and more flexible. In this article, we’ll demonstrate how to set up FactoryPMI’s Active Directory authentication feature.

Authentication Profiles
FactoryPMI can concurrently support many different types of authentication through use of authentication profiles. Each profile defines a different way to authenticate users. Each project can then choose which profile to use. To get started, we need to add a new authentication profile of type “Active Directory”. First, log into the configuration section of your FactoryPMI Gateway. Next, choose “Profiles” under “Authentication” in the menu. Then press the “Add Profile” button. You’ll see a screen that looks like this. Hit “Next”.

The settings for the Active Directory profile are simple. Basically all you need are your domain name, the address of your domain controller(s), and a username/password pair so that the FactoryPMI designer can log in to retrieve the list of all possible roles.

Testing and Tuning
That’s it - your Active Directory authentication profile is complete. To test it out, edit your project and set its Authentication Profile to your new profile. Now try to log in. Use the username and password that you log into Windows with. If you have any problems, give us a call or ask a question at our user forum at http://www.inductiveautomation.com/forum.

If you’re finding that the role listing function in the Designer is going too slow, you may need to tune your Active Directory profile. Suppose all of your roles are stored below some subfolder in your Active Directory tree, such as MyCompany.com/Users/Roles. Then edit your Active Directory authentication profile and modify the Role Search Base property to something like: "OU=Users,DC=Mycompany,DC=com". This will make the role search faster by searching less of the Active Directory tree.
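Before narrowing the Role Search Base, it helps to check which role groups actually sit below the new base. The following Python is an added example, not part of the original article and not FactoryPMI code: it converts a folder path such as MyCompany.com/Users/Roles into a distinguished name and applies ordinary LDAP subtree matching to a list of group DNs. The function names and the sample group DNs are constructed, and it assumes the search base is used as the root of a standard subtree search.

```python
# Added example: standard LDAP DN handling, not FactoryPMI code.
# All domain, folder and group names below are constructed samples.

def escape_rdn_value(value):
    """Escape characters that are special inside a DN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in ' #') or (i == len(value) - 1 and ch == ' ')
        out.append('\\' + ch if ch in ',+"\\<>;' or edge else ch)
    return ''.join(out)

def canonical_to_dn(path, containers=()):
    """Turn 'MyCompany.com/Users/Roles' into a distinguished name.
    Folders named in `containers` become CN= (AD's built-in Users
    container is CN=Users); every other folder becomes OU=."""
    domain, *folders = path.strip('/').split('/')
    rdns = [('CN=' if f in containers else 'OU=') + escape_rdn_value(f)
            for f in reversed(folders)]
    return ','.join(rdns + ['DC=' + label for label in domain.split('.')])

def split_dn(dn):
    """Split a DN on unescaped commas; lowercase for case-insensitive compare."""
    parts, cur, i = [], '', 0
    while i < len(dn):
        if dn[i] == '\\' and i + 1 < len(dn):   # keep an escaped pair intact
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ',':
            parts.append(cur.lstrip().lower())
            cur, i = '', i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur.lstrip().lower()]

def in_subtree(entry_dn, base_dn):
    """True if a subtree search rooted at base_dn would return entry_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

GROUPS = [  # constructed sample group DNs
    'CN=Operators,OU=Roles,OU=Users,DC=MyCompany,DC=com',
    'CN=Supervisors,OU=Roles,OU=Users,DC=mycompany,DC=com',
    'CN=Domain Admins,CN=Users,DC=MyCompany,DC=com',
]

def visible_roles(search_base):
    """Names of the sample groups a search from search_base would list."""
    return [dn.split(',')[0][3:] for dn in GROUPS if in_subtree(dn, search_base)]

if __name__ == '__main__':
    for base in ('DC=MyCompany,DC=com', 'OU=Users,DC=Mycompany,DC=com'):
        print(base, '->', visible_roles(base))
```

Groups that fall outside the chosen base are not returned by the search, so confirm that every role your projects rely on appears in the narrowed result before saving the profile.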

Now sit back and enjoy the security and convenience of centralized user management!

About Inductive Automation
Inductive Automation pioneered the first full-featured web-launched HMI/SCADA system in the world. Its standards-based, database-centric architecture receives accolades from plant managers, IT managers, and system integrators worldwide. With a commitment to software quality and technical support second to none, Inductive Automation is the rising star in the industrial software landscape.

Jim Meisler
(800) 266-7798 x27
published: 04/30/14