The Validation Process and Logon Restrictions Associated with External Authentication
This topic explains the checks that Geo SCADA Expert performs, as part of the external authentication process, to determine whether a logon attempt is from a valid user that should be allowed to access the database. It also provides information about the logon restrictions that determine whether a logon attempt is successful.
Geo SCADA Expert performs the validation checks on systems on which the External Authentication feature is enabled and configured on the server(s).
When a user attempts to log on to such a Geo SCADA Expert system:
- Geo SCADA Expert searches for a Geo SCADA Expert User account with the supplied user name.
  If found, and the credentials match, Geo SCADA Expert logs the user on to the system. (If the Geo SCADA Expert User account is configured to Use External Authentication, Geo SCADA Expert only logs the user on after it has authenticated the user credentials against those of the relevant external user account.)
- If Geo SCADA Expert is unable to find such a User account, it searches for a Geo SCADA Expert User account that is configured to Use External Authentication and has an external user name that matches the supplied user name.
  If found, Geo SCADA Expert attempts to authenticate the credentials with those of the external user account. If the credentials match, Geo SCADA Expert logs the user on to the system.
- If Geo SCADA Expert is unable to find a Geo SCADA Expert User account that qualifies for either of the steps above, and is configured to Create users automatically from group membership, it attempts to authenticate the logon criteria against an external user account that uses the supplied user name.
  If found, Geo SCADA Expert will create a new Geo SCADA Expert User account with the supplied user name and password (providing that a suitable User Pattern and User Group configuration exist in the database).
- If Geo SCADA Expert is unable to find a Geo SCADA Expert User account with a user name or external user name that matches the supplied user name, and Geo SCADA Expert is not configured to Create users automatically from group membership, the logon attempt will fail. The same applies if the user was not successfully authenticated on the external system.
The ability of a user to log on to Geo SCADA Expert successfully varies, depending on the external authentication configuration setup (see Summary of Configuration Settings Relating to External Authentication). The table below indicates how the different configuration setups affect logon. In each case, it is assumed that the mentioned user account has valid configuration and no other factors are preventing successful log on (for example, if the user account is a Geo SCADA Expert User account, it is enabled in the database, meets other security criteria, the password has not expired, and the number of failed logon attempts has not been exceeded).
The numbers at the top of the Logon Requirement column below correspond to the following:
1. Attempt to log on to Geo SCADA Expert using a valid Geo SCADA Expert User account (for which no corresponding Windows domain or LDAP user account exists).
2. Attempt to log on to Geo SCADA Expert using a valid Geo SCADA Expert User account (for which the Use External Authentication check box is selected to indicate that a corresponding Windows domain or LDAP user account exists).
3. Attempt to log on to Geo SCADA Expert using a Windows domain group or LDAP user name (for which a corresponding Geo SCADA Expert User account exists in the database).
4. Attempt to log on to Geo SCADA Expert using a Windows domain group or LDAP user name (for which no corresponding Geo SCADA Expert User account exists in the database).
For more information about the Configuration Setup options, see Summary of Configuration Settings Relating to External Authentication.
Configuration Setup: External Authentication enabled | Configuration Setup: Allow Login to Geo SCADA Expert with Windows/LDAP User Names | Configuration Setup: Allow Automatic User Creation | Logon Requirement 1 | Logon Requirement 2 | Logon Requirement 3 | Logon Requirement 4 |
---|---|---|---|---|---|---|
No | --- | --- | Log on as normal | --- | ✘ Log on fails | ✘ Log on fails |
Yes | No | No | Log on as normal | Log on after external authentication with corresponding Windows/LDAP user name | ✘ Log on fails | ✘ Log on fails |
Yes | Yes | No | Log on as normal | Log on after external authentication with corresponding Windows/LDAP user name | Log on after external authentication with corresponding Windows/LDAP user name | ✘ Log on fails |
Yes | Yes | Yes | Log on as normal | Log on after external authentication with corresponding Windows/LDAP user name | Log on after external authentication with corresponding Windows/LDAP user name | New Geo SCADA Expert User created after external authentication with provided Windows/LDAP user name |
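The following added example is a small Python model of the validation steps and table above, useful for checking which logon paths a given configuration opens; it is not Geo SCADA Expert code, and all class, field and function names, the sample accounts and the outcome strings are hypothetical. It assumes that an account set to Use External Authentication is checked against the external system only, and it rejects setting combinations that the table does not list.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Config:                  # field names are hypothetical
    external_auth: bool        # External Authentication enabled
    external_names: bool       # Allow Login ... with Windows/LDAP User Names
    auto_create: bool          # Allow Automatic User Creation

@dataclass(frozen=True)
class Account:
    name: str
    use_external: bool = False           # Use External Authentication check box
    external_name: Optional[str] = None

def logon_outcome(cfg, accounts, supplied, local_ok=True, external_ok=True,
                  pattern_ok=True):
    """Return 'normal', 'external', 'created', 'fail' or 'n/a'."""
    if (cfg.auto_create and not cfg.external_names) or \
       (cfg.external_names and not cfg.external_auth):
        raise ValueError("combination not covered by the page's table")
    # Step 1: account whose own user name matches the supplied name.
    acct = next((a for a in accounts if a.name == supplied), None)
    if acct is not None:
        if not acct.use_external:
            return "normal" if local_ok else "fail"
        if not cfg.external_auth:
            return "n/a"                 # the table shows '---' for this cell
        # Assumption: only the external check decides the outcome here.
        return "external" if external_ok else "fail"
    # Step 2: account whose external user name matches the supplied name.
    if cfg.external_names and any(
            a.use_external and a.external_name == supplied for a in accounts):
        return "external" if external_ok else "fail"
    # Step 3: automatic creation, only after external authentication succeeds
    # and a suitable User Pattern and User Group configuration exists.
    if cfg.auto_create and external_ok and pattern_ok:
        return "created"
    return "fail"                        # Step 4

# Constructed sample accounts and names covering logon requirements 1 to 4.
ACCOUNTS = [Account("operator1"),
            Account("engineer1", use_external=True, external_name="jsmith")]
CASES = ["operator1", "engineer1", "jsmith", "akhan"]

def table_row(cfg):
    """Outcomes for requirements 1-4 with valid credentials everywhere."""
    return [logon_outcome(cfg, ACCOUNTS, name) for name in CASES]
```

Calling `table_row` for each of the four configuration rows reproduces the table; passing `external_ok=False` or `pattern_ok=False` to `logon_outcome` shows the failure paths described in the last two steps.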
Further Information
Enable External Authentication: see Using External Authentication with Geo SCADA Expert.
Allow Login to Geo SCADA Expert with Windows/LDAP User Names: see Using External Authentication with Geo SCADA Expert.
Allow Automatic User Creation: see Integrate Geo SCADA Expert User Accounts with Active Directory or LDAP User Accounts.