You're currently browsing the Ignition 8.0 docs. Click here to view the latest docs.

Ignition's OPC UA server, provided by the OPC UA module, allows an ignition installation to utilize Ignition's various device driver modules. In addition, with the module installed, OPC UA clients can connect to Ignition's UA server, exposing any connected devices to 3rd party systems. 

Settings for the server can be found under the Config section of the Gateway's web interface. On the sidebar, locate OPC UA > Server Settings

Default Credentials

Ignition's OPC UA server does not initially support anonymous access, but can be configured to do so (see the settings table below). Authenticated connection require the following credentials:


Note that new installations of Ignition will automatically create the user above, allowing the gateway to initially connect as a UA client to its own UA server. 

Connecting with UA Discovery

Ignition's OPC UA server is initially, and intentionally, difficult to discover on new installations. To aid with discovery attempts, a separate unsecured endpoint is available, allowing UA clients a means of finding the server. When attempting to discover the server, the endpoint UR should include "/discovery" at the end:


On this page ...

OPC UA Server Settings

Changes made to any of the following OPC UA Server settings requires a restart (of either the gateway or the OPC UA module) before they changes will take effect. 

The table below represents settings on Ignition's OPC UA server. They'll only become available if the OPC UA Module is installed on the gateway. 

SettingDescriptionDefault value

Endpoint Configuration

Bind Port

The port the UA server will bind to.

Bind AddressesThe address the server will bind to. If you want to expose the OPC UA server to external sources, you need to use or the IP address of the computer.
Endpoint Addresses

A comma separated list of endpoint addresses that the UA server can be reached at. It is important that this is set to addresses that can be reached by any UA clients attempting to connect to the server.

When entering addresses into this property, they can be just an IP address or hostname:

Alternatively, angled brackets can be used. When applied to an address, the server attempts to find the hostname, or resolve the value to as many addresses or hostnames as it can find.

Security Policies

A comma separated list of acceptable security policies. Available policies are:

  • None 
  • Basic256Sha256
  • Aes128_Sha256_RsaOaep
  • Aes256_Sha256_RsaPss

In addition, the following deprecated policies are available, but not recommended:

  • Basic128Rsa15 (deprecated)
  • Basic256 (deprecated)


Anonymous Access AllowedSpecifies if UA clients are allowed to connect to this server anonymously. While false, client connections are required to authenticate with the server.
User SourceWhich user source contains the initial user for authenticated access. Credentials for the initial user can be found above.

Attempts to use the 'opcua-module' user sources


Expose Tag ProvidersWhen enabled, Ignition Tag Providers will be exposed through the UA server, allowing third-party UA clients to access tags in the provider.


Backup Bind Addresses

The local addresses that the UA server will attempt to bind to while the backup server in a redundant pair.

Backup Endpoint Addresses

The endpoint addresses that the UA server can be reached at while the server is configured as the backup in a redundant pair. The notation on this property is similar to the Endpoint Addresses property above, in that angled brackets can be used with each hostname and IP address.

Read-only When Inactive Node

When enabled, this server switches to a read-only state while its gateway is the inactive node in a redundant pair.


  • No labels