Windows Authentication

You can easily integrate and leverage your company's Active Directory Domain Services (AD DS) with FactoryStudio. Using AD DS, you can easily setup security and permission settings for users and groups within your project. 

For more information about Active Directory, view this link to a Microsoft article.

To enable Windows Authentication in your project, please go to Info>Project>Redundancy and select the checkbox “Windows Authentication”.

 

When using Windows Authentication, a project's user management is disabled and is controlled by Windows. The project will use the Windows user that is logged into the computer. 

When you are using client instances, the server computer will validate the user for the client. The server computer needs to have the same Windows user as the one that is logged into the client computer, and they must both be in the same domain group. 

After the user validation, the user’s Windows group will determine which project Security Permission will be used. It will search in the project Security Permission for the same Windows Group name. If it finds the exact same name, the Security Permission will be used in the project for the logged in User. If any names do not match, the Permission Guest will be used.

You need to verify which port is being used in the project for the Windows Authentication. By default, clients will use the 3102 port. However, this can be changed in the command line or URL when starting a client display. 

Example of the TSmartClient URL using Windows Authentication:

http://127.0.0.1/fs-2016.2/TSmartClient.application?port1=3102&wa=true


LDAP Server

To enable the LDAP Server in FactoryStudio, please go to Info>Project>Settings. Then, type the LDAP server's name in the AD/LDAP Server field.

To integrate the LDAP Server, the only customization that you need to do is use the AD/LDAP Server under Info > Project > Settings. 

The project Client.LogOn() method in the LOGON page will work properly after enabling the LDAP Server.

When this method is called, it will check the project for an Engineering user. If none are found, it will check for a runtime user. If no runtime users are found, it will check for a LDAP user if the LDAP Server is configured. The first user that is found and validated will be the user that is logged into the project. 

After the user validation, the user’s Windows group will determine which project Security Permission will be used. It will search in the project Security Permission for the same Windows Group name. If it finds the exact same name, the Security Permission will be used in the project for the logged in User. If any names match, the guest permission will be used.

  • No labels