Security
Security options in Ignition provide many ways to safeguard access to your data and applications. You control not only who accesses your systems, but when and where they can access them. Ignition offers two authentications strategies: Classic Authentication Strategy or Identity Provider Authentication Strategy.
Gateway Security​
Security in Ignition falls into a few categories, tying into the various scopes (Designer, Gateway, Vision Clients and Perspective Sessions). In the Gateway scope, the bulk of security setup happens under the Config section of the Gateway Webpage, under the Security header, you'll find pages for authentication, role mappings, and zones.
The primary purpose of Gateway security is to protect access to the two most critical areas of Ignition: the Designer and the Gateway. Many important resources are configured in these areas, so access to each Gateway section (Status and Config), as well as the Designer, can be limited by Security Level.
Authentication Strategies​
In regard to authentication and permissions, there are two approaches.
Classic Authentication Strategy (Designer and Vision Only)​
Classic Authentication Strategy involves a concept known as a User Source, which is a configuration that contains multiple roles and users. Users are assigned roles, and security restrictions within a project can be used to check if a user has one or more roles. User Sources can be "internal", meaning all users and roles are contained within an Ignition Gateway, or externally stored in an SQL database. Furthermore, User Sources offer integration with Active Directory.
Identity Provider Authentication Strategy​
Ignition can also integrate with Federated Identity Providers (IdP), allowing users to authenticate against a trusted third party. The Identity Provider Authentication Strategy works by assigning Security Level restrictions to various features within Ignition, and utilizing User Attribute Mapping and Security Level Rules to assign Security Levels to users.
Ignition can integrate with both OpenID Connect and Security Assertion Markup Language (SAML) providers. In addition, Ignition can act as an Identity Provider for isolated systems.