Gateway General Security Settings

Restricting Gateway Access

Watch the video

This page determines security permissions for the Gateway and Designer.

Security General Settings Table

General

Setting	Description
System Identity Provider	Dropdown list to select the Identity Provider that controls access to the Gateway's web configuration interface and the Designer (only when the Designer Authentication Strategy is set to Identity Provider). An additional option is included below the dropdown that determines whether or not to always ask the IdP to re-authenticate users by default. When enabled, Ignition will always ask the IdP to re-authenticate the user by default. This effectively disables Single Sign-On.
Designer Authentication Strategy	Controls how the Designer authenticates users. Options are Classic or Identity Provider. Classic: The Classic strategy requires the user to enter their username and password in an embedded login form in the Designer. Classic authentication is performed against the System User Source. Identity Provider: The Identity Provider strategy redirects the user to their IdP in their web browser in order to authenticate. The System Identity Provider setting controls which Identity Provider the user is redirected to. Additional options on this screen will change depending on the Designer Authentication Strategy that is selected here.
Designer Auth Token Inactivity Timeout	(Identity Provider strategy only) The number of minutes which must elapse before expiring a Designer user's auth token due to inactivity caused by a disconnected session. Must be greater than zero. Default value is 10.
Designer Auth Token Time-To-Live	(Identity Provider strategy only) The maximum number of minutes a Designer user's auth token may exist before it expires. If set to any number less than or equal to zero, auth tokens may live forever, as long as the auth token has not expired due to inactivity.
Allow Designer SSO	(Classic authentication strategy only) Allows single-sign-on authentication for logging into the Designer if the System User Source supports it. (Default is false.)
System User Source	(Classic authentication strategy only) This user source controls access to the Designer. This field is required.
User Inactivity Timeout	The number of minutes which must elapse before expiring a user's Gateway web interface session to inactivity. Sessions will not timeout if set to any number less than or equal to zero.
Allow User Administration	Allows the administration of the Gateway's system user source from the Designer and client. Unless this is enabled, the Vision module's User Management component will be prevented from altering the Gateway's system user source and scripts will not be able to alter users or roles. (Default is false.)
Gateway Audit Profile	Dropdown list to select the name of the audit profile that Gateway-scoped actions will log to.

Roles and Permissions

Setting	Description
Designer Permissions	(Identity Provider strategy only) Select one of the following options: Users must belong to all of these security levels in order to log in to the Designer. Users must belong to at least one of these security levels in order to log in to the Designer. Caution: Empty value in this field means "Public" security level: Access will be unrestricted.
Designer Role(s)	(Classic authentication strategy only) Enter the roles required for access to the Designer. Users must belong to at least one of these roles in order to log into the Designer. Multiple roles can be specified by separating them with commas, for example: Administrator, Operator.
Create Project Permission	Check the security levels required to create a new project in the Designer. Users must belong to at least one of these roles in order to create a new Designer project. If Public, then all users will be given Write permissions. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive access.
Gateway Write Permissions	Check the security levels required for Write capabilities to the Gateway. If Public, then all users will be given Write permissions, meaning they can interact with all Gateway pages and settings. Users who receive these permissions will also receive Read permissions regardless of settings applied to that field. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions.
Gateway Read Permissions	Check the security levels required for Read capabilities to the Gateway. If Public, then all users will be given Read permissions, meaning they can view all Gateway pages and settings. Users who receive these permissions will also receive Access permissions regardless of settings applied to that field. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions.
Gateway Access Permissions	Check the security levels required for general access to the Gateway. If Public, then all users will be given Access permissions, which means they will be able to view the Gateway pages within the Home section, with the exception of the Perspective Sessions and Brand Settings pages. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions.