Open topic with navigation

Define whether a User is Associated with a Windows or LDAP User Profile

If the External Authentication feature is enabled at the ClearSCADA server, each ClearSCADA user account can be associated with a Windows or LDAP User Profile. This allows network administrators to disable ClearSCADA user accounts and manage user account passwords without accessing ClearSCADA - they apply changes to the Windows or LDAP User Profiles and these changes are automatically applied to the associated ClearSCADA user accounts.

For a ClearSCADA user account to be associated with a Windows or LDAP User Profile, the following criteria has to be met:

To configure a user account so that it makes use of the Use External Authentication feature:

  1. Display the User Form.

    On User Pattern Forms, the Use External Authentication and Windows/LDAP User Name properties are 'grayed out' and unavailable for use. The former property is enabled but provided for information only, as User Patterns only apply to systems on which External Authentication is enabled. The latter property does not apply to the User Pattern itself; it only applies to the User accounts for which the User Pattern provides other settings.

  2. Select the General tab.
  3. Use the Use External Authentication check box to define whether the user account is associated with a Windows or LDAP User Profile. (The check box is only available if the External Authentication feature is enabled at the ClearSCADA server.)

    Either:

    1. Select the check box to associate the user account with a Windows or LDAP User Profile.

    2. Specify the name of the Windows or LDAP User Profile in the Windows/LDAP User Name field. (The field is only displayed if the External Authentication feature is enabled at the ClearSCADA server.)

      If the Allow login to ClearSCADA with Windows/LDAP user names check box is clear in the server configuration, the ClearSCADA user account has to have exactly the same name as the Windows or LDAP User Profile. For example, a ClearSCADA user account named 'S Wilkins' can only be associated with a Windows or LDAP User Profile named ‘S Wilkins'. Additionally, the name of the Windows or LDAP User Profile has to adhere to the ClearSCADA naming restrictions. If such a Windows or LDAP User Profile does not exist in your network, the ClearSCADA user account will be unable to log on to ClearSCADA (as the user account and password have to be verified against a corresponding Windows or LDAP User Profile).

      If the Allow login to ClearSCADA with Windows/LDAP user names check box is selected in the server configuration, the name of the Windows or LDAP User Profile does not have to match the name of the ClearSCADA user account, nor does it have to adhere to the ClearSCADA naming restrictions. (For more information, see Using External Authentication with ClearSCADA).

      If configured to do so, ClearSCADA might be triggered to create a new User account automatically, as part of its external authentication process. On creation of such a User account, ClearSCADA will populate the Windows/LDAP User Name field of that User account automatically, to show the name of the Windows or LDAP user that triggered the creation of the new User account in ClearSCADA. For more information, see Integrate ClearSCADA User Accounts with Active Directory or LDAP User Accounts, and see Provide Settings for Automatic User Creation.

    Or:

    • Clear the Use External Authentication check box if the user account is not associated with a Windows or LDAP User Profile. In this case, you can only disable, enable and change the password settings of the user account from within ClearSCADA.
  4. Save the configuration.

Related Topics Link IconFurther Information

Disclaimer

ClearSCADA 2017 R2

© 2018 AVEVA Group Plc.  All Rights Reserved.

The Schneider Electric industrial software business and AVEVA have merged to trade as AVEVA Group plc, a UK listed company. The Schneider Electric and Life is On trademarks are owned by Schneider Electric and are being licensed to AVEVA by Schneider Electric.