Integrate Geo SCADA Expert User Accounts with Active Directory or LDAP User Accounts

Geo SCADA Expert supports the ability to manage user accounts and user groups centrally outside of Geo SCADA Expert, by integrating its user accounts and user groups with corresponding Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) user accounts and groups.

Active Directory is included in the Windows® Server operating systems on which Geo SCADA Expert can run. If your company uses Active Directory Domain Services (AD DS) to authenticate and authorize users and computers in a Windows domain network, you can integrate Geo SCADA Expert's user authentication with that of the relevant Windows domain controller.

Likewise, if your company uses LDAP for authorizing users over the company network, you can integrate Geo SCADA Expert's user authentication process with the LDAP authentication method.

With either integration scenario, when a new user attempts to log on to Geo SCADA Expert via ViewX or Virtual ViewX, Geo SCADA Expert will attempt to locate an Active Directory or LDAP user with the user credentials that have been entered. If such a user exists in Active Directory/LDAP but not in Geo SCADA Expert, a new user account will be added to Geo SCADA Expert automatically, to correspond with the Active Directory/LDAP user account. To facilitate this, a suitable User Group has to exist in Geo SCADA Expert and be named to match an Active Directory/LDAP group of which the user is a member. The User Group also has to reference a suitable User Pattern - a special type of user account that determines the settings that the new user account will be assigned in Geo SCADA Expert. These settings determine the Geo SCADA Expert features to which the new user has access, the security permissions to which the user is assigned in Geo SCADA Expert, and so on.

By integrating Geo SCADA Expert user groups and user accounts with those in Active Directory/LDAP, system administrators can manage Geo SCADA Expert user accounts centrally in Active Directory/LDAP. In addition to adding new users via Active Directory/LDAP, you can:

Geo SCADA Expert provides the means to cache user passwords. Once a user account exists in both Active Directory/LDAP and Geo SCADA Expert, that user can still log on to Geo SCADA Expert when the connection to the Active Directory/LDAP server is down, provided that the user logs on before the configurable Cached password expiry period is exceeded.

In order for Geo SCADA Expert to integrate its user accounts and user groups with Active Directory/LDAP, you have to enable both the External Authentication feature and the Create users automatically from group membership option on each Geo SCADA Expert server.

NOTICE

SECURITY THREAT

On systems on which Geo SCADA Expert can Create users automatically from group membership, the incorrect assignment of security permissions on User Patterns and User Groups can compromise the security of the system. Always restrict the security permissions that are allocated to User Patterns, and to User Groups that are integrated with Windows domain groups or LDAP user groups. Only assign those permissions that are actually required, to help prevent the automatic creation of new user accounts that allow Windows or LDAP users to perform high-level tasks, such as shutting down the server.
Failure to follow these instructions can result in equipment damage.
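
The review that this notice calls for can be modelled offline before the Create users automatically from group membership option is enabled. The following Python sketch is an added example and is not part of Geo SCADA Expert or its documentation: it lists which directory users could be created automatically with high-level permissions. The group, pattern and permission names and the data are constructed; exact group-name matching and the union over several matching groups are assumptions.

```python
# Constructed model: group, pattern and permission names are hypothetical,
# not Geo SCADA Expert identifiers.
HIGH_LEVEL = {"shutdown_server", "configure_security"}

# Geo SCADA Expert side: User Group name -> User Pattern it references.
USER_GROUPS = {
    "SCADA-Operators": "OperatorPattern",
    "Domain Users": "EngineerPattern",  # broad directory group mapped by mistake
    "SCADA-Viewers": None,              # no User Pattern referenced
}
# User Pattern name -> permissions a newly created account would receive.
USER_PATTERNS = {
    "OperatorPattern": {"read", "control"},
    "EngineerPattern": {"read", "control", "configure", "shutdown_server"},
}
# Directory side (constructed export): group name -> members.
DIRECTORY_GROUPS = {
    "SCADA-Operators": {"alice", "bob"},
    "Domain Users": {"alice", "bob", "dave"},
    "SCADA-Viewers": {"frank"},
    "Finance": {"gina"},
}


def provisioning_paths(user):
    """User Groups whose name matches a directory group of `user` and that
    reference a User Pattern, i.e. the routes to automatic account creation."""
    return sorted(
        (group, pattern)
        for group, pattern in USER_GROUPS.items()
        if pattern and user in DIRECTORY_GROUPS.get(group, set())
    )


def granted_permissions(user):
    """Worst case: union over all matching routes (precedence not modelled)."""
    perms = set()
    for _, pattern in provisioning_paths(user):
        perms |= USER_PATTERNS[pattern]
    return perms


def audit():
    """Directory users who could be auto-created with high-level permissions."""
    users = set().union(*DIRECTORY_GROUPS.values())
    findings = {u: granted_permissions(u) & HIGH_LEVEL for u in sorted(users)}
    return {u: p for u, p in findings.items() if p}
```

In this constructed data, every member of "Domain Users" is flagged because that group references a pattern carrying the shutdown permission; narrowing the pattern or removing the group mapping clears the findings.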

Geo SCADA Expert 2020