Security in Ignition falls into a few categories, and the bulk of the setup happens in the Gateway Webpage. Under Security in the Config section of the Gateway Webpage, you'll find pages for authentication, role mappings, zones, and more.
Security with User Sources
Role-based security works under the concept that each user may be assigned to various roles. Security policies are then defined in terms of these roles, rather than for specific users. Examples of roles could be an Administrator role that has access to the Designer and the client or session, or an Operator role that has access only to the windows or views that pertain to the operator's job. Roles allow users to be reassigned, removed, and added without affecting the logic of the security policy.
The users and their roles are stored in User Sources. An Ignition Gateway may have many different User Sources defined, each governing the security of different aspects of the Gateway. For example, logging into the Gateway might be governed by one User Source, while the security in a project is governed by another. The example below shows the Users and Roles screen after user "Arthur" has been updated.
There are several types of User Sources that offer various features. For example, the Internal User Source offers the ultimate in ease-of-use: you simply define the users, their passwords, and the roles within the Ignition Gateway configuration web interface. In contrast, the Active-Directory User Source offers the power of integrating Ignition with a corporate security infrastructure. Users, passwords, and roles would be managed centrally by the IT department.
Security with Identity Providers
Identity Providers and Security Levels are currently only available for use with the Perspective module.
Identity Providers (IdPs) offer user authentication as a service. An IdP creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network. Authentication of the user is handled by the IdP. Ignition can connect to these three different types of IdPs:
- Ignition's internal IdP
- OpenID Connect 1.0
- Security Assertion Markup Language (SAML)
IdPs are set up at the Gateway level. Security Levels are also set through the Gateway. The Security Levels enable you to define a hierarchy of access inside a Perspective Session.