Gateway General Security Settings
This page determines security permissions for the Gateway and Designer.
Security General Settings Table​
General​
| Setting | Description |
|---|---|
| System Identity Provider | Dropdown list to select the Identity Provider that controls access to the Gateway's web configuration interface and the Designer (only when the Designer Authentication Strategy is set to Identity Provider).An additional option is included below the dropdown that determines whether or not to always ask the IdP to re-authenticate users by default. When enabled, Ignition will always ask the IdP to re-authenticate the user by default. This effectively disables Single Sign-On. |
| Designer Authentication Strategy | Controls how the Designer authenticates users. Options are Classic or Identity Provider.
|
| User Inactivity Timeout | The number of minutes which must elapse before expiring a user's Gateway web interface session to inactivity. Sessions will not timeout if set to any number less than or equal to zero. |
| Allow User Administration | Allows the administration of the Gateway's system user source from the Designer and client. Unless this is enabled, the Vision module's User Management component will be prevented from altering the Gateway's system user source and scripts will not be able to alter users or roles. (Default is false.) |
| Gateway Audit Profile | Dropdown list to select the name of the audit profile that Gateway-scoped actions will log to. |
Designer Authentication Strategy​
The following settings will be applied to Designer users based on the selected authentication strategy.
Classic​
| Setting | Description |
|---|---|
| Allow SSO | Allows single-sign-on authentication for Designer Log In if the System User Source supports it. Default is false. |
| System User Source | This user source controls access to the Designer. |
| Role(s) | Users must belong to one of these roles in order to log in to the Designer. Multiple roles can be specified by separating them with commas. |
Identity Provider​
| Setting | Description |
|---|---|
| Auth Token Inactivity Timeout | The number of minutes which must elapse before a Designer user's auth token will expire due to inactivity caused by a disconnected Session. Must be greater than zero. Default value is 10. |
| Auth Token Time-To-Live | The maximum number of minutes a Designer user's auth token may exist before it expires. If set to any number less than or equal to zero, auth tokens may live forever, unless the auth token expires due to inactivity. |
| Permissions | Check the security levels required for Designer access. If Public, then all users will be given access permissions. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions. |
Roles and Permissions​
| Setting | Description |
|---|---|
| Gateway Write Permissions | Check the security levels required for Write capabilities to the Gateway. If Public, then all users will be given Write permissions, meaning they can interact with all Gateway pages and settings. Users who receive these permissions will also receive Read permissions regardless of settings applied to that field. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions. |
| Gateway Read Permissions | Check the security levels required for Read capabilities to the Gateway. If Public, then all users will be given Read permissions, meaning they can view all Gateway pages and settings. Users who receive these permissions will also receive Access permissions regardless of settings applied to that field. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions. |
| Gateway Access Permissions | Check the security levels required for general access to the Gateway. If Public, then all users will be given Access permissions, which means they will be able to view the Gateway pages within the Home section, with the exception of the Perspective Sessions and Brand Settings pages. This setting also requires confirmation for whether users need to match at least one or all of the checked levels to receive these permissions. |
Create Project Permission Deprecation
The Create Project Permission setting was deprecated in version 8.3.7 in favor of the existing Designer Roles and Permissions settings. See the Create Project Permission page in the Deprecated Manual for more information.