Gateway General Security Settings
Restricting Gateway Access
Watch the videoThis page determines security permissions for the Gateway and Designer.
Gateway Security Settings Table​
Setting | Description |
---|---|
System Identity Provider | Dropdown list to select the Identity Provider that controls access to the Gateway's web configuration interface and the Designer (only when the Designer Authentication Strategy is set to Identity Provider).Additional option to always ask the IdP to re-authenticate users by default. When enabled, Ignition will always ask the IdP to re-authenticate the user by default. This effectively disables Single Sign-On.This field is required. |
Designer Authentication Strategy | Controls how the Designer authenticates users. Options are Classic or Identity Provider.
|
Designer Auth Token Inactivity Timeout | ​ New in 8.1.24 (Identity Provider strategy only) The number of minutes which must elapse before expiring a designer user's auth token due to inactivity caused by a disconnected session. Must be greater than zero. Default value is 10. |
Designer Auth Token Time-To-Live | ​ New in 8.1.24 (Identity Provider strategy only) The maximum number of minutes a designer user's auth token may exist before it expires. If set to any number less than or equal to zero, auth tokens may live forever, as long as the auth token has not expired due to inactivity. |
Designer Permissions | (Identity Provider strategy only) Select one of the following options:
|
Create Project Permissions | (Identity Provider strategy only) Enter the security levels required to create a new project, for example, Authenticated/Roles/Administrator, SecurityZones/localhost.. Then select one of the following options:
|
System User Source | (Classic authentication strategy only) This user source controls access to the Designer. This field is required. |
Designer Role(s) | (Classic authentication strategy only) Enter the roles required for access to the Designer. Users must belong to at least one of these roles in order to log into the Designer. Multiple roles can be specified by separating them with commas, for example: Administrator, Operator. |
Create Project Role(s) | (Classic authentication strategy only) Enter the roles required for create a new Designer project. Users must belong to at least one of these roles in order to create a new Designer project. Multiple roles can be specified by separating them with commas, for example: Administrator, Operator. |
Gateway Config Permissions | Enter the security levels required for access to the Gateway Config section. Then select one of the following options:
|
Status Page Permissions | Enter the security levels required for access to the Gateway Status section. Then select one of the following options:
|
Home Page Permissions | Sets the security levels required to access the Gateway Home section. Then select one of the following options:
|
User Inactivity Timeout | ​ New in 8.1.1 The number of minutes which must elapse before expiring a user's Gateway web interface session to inactivity. Sessions will not timeout if set to any number less than or equal to zero. |
Allow User Admin | Allows the administration of the Gateway's system user source from the Designer and client. Unless this is enabled, the Vision module's 'User Management Component' will be prevented from altering the Gateway's system user source and scripts will not be able to alter users or roles. (Default is false.) |
Allow Designer SSO | Allows single-sign-on authentication for logging into the Designer if the System User Source supports it. The Designer SSO capability is only available when the Designer Authentication Strategy is set to Classic. (Default is false.) |
Gateway Audit Profile | Dropdown list to select the The name of the audit profile that Gateway-scoped actions will log to. |