Step 6. Enable Automatic Log Ins
About this task
Enable/Disable Windows Authentication
About this task
Procedure
- Open the Windows Authentication dialog box.
-
Select Enable Windows Authentication.
The following options become available: Allow Configuration Auto Login and Allow Auto Login.Note: If only Enable Windows Authentication is selected and if the Windows user is a member of a selected group, CIMPLICITY will:
- Open a CIMPLICITY Login dialog box.
- Check the Windows/password credentials.
- Look for the user in the Selected Groups.
- Give the user CIMPLICITY/Proficy Change Management (PCM) access based on the first group in which the user is found.
-
Select one of the following configurations:
Allow Auto Login Allow Configuration Auto Login Description Checked Clear If the Windows user is a member of a selected group, CIMPLICITY will:
- Look for the user in the Selected Groups.
- Automatically log in the user to CIMPLICITY based on the first group in which the user is found.
- Assign the user the role/resources assigned to that group. Users have to manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled and to manually log into Proficy Change Management (PCM).
- Manually log into CIMPLICITY to do configuration if CIMPLICITY Configuration Security is enabled.
- Manually log into Proficy Change Management
Checked Checked Users can potentially be automatically logged into: - CIMPLICITY configuration.
- CIMPLICITY runtime.
- Proficy Change Managements (PCM) projects.
Clear Checked When Windows Authentication is enabled, Windows Authentication: - Reads the current logged in Windows user.
- Does the following if the user is new to CIMPLICITY/not listed in the project:
- Prompts the user for a CIMPLICITY valid name/password.
- Creates a CIMPLICITY user based on the valid name/password.
- Assigns the user the role/resources assigned to the Windows Authentication group that the user is in.
- Automatically logs the user into CIMPLICITY based on the first Windows Authentication group in which the user is found.
- Automatically logs the user into CIMPLICITY based on the first Windows Authnetication group in which the user is found.
- Automatically logged into CIMPLICITY to do configuration even if CIMPLICITY Configuration Security is enabled.
A failure message may display for a user who does not have Workbench privileges; a Configuration Login dialog box will open to prompt the user for valid credentials.
A Valid user can enter either of the following in the Configuration Login dialog box:- <domain>/<username>
- <username>
- Automatically logged into a Proficy Change Management (PCM) project.
- The automatic logon applies only to PCM project properties, not to PCM computer properties.
- An automatic PCM logon can occur based on selections in the Project Properties dialog box>Change Management tab:
- As soon as the Workbecnh starts up if Logon at Workbench startup is checked.
- If Prompt for user name and password at logon is not checked.
- Based on whether or not a username/password that is entered for CIMPLICITY/PCM is valid or invalid.
Important: Close and reopen the Workbench after Allow Configuration Auto Login is checked.
Windows Authentication Guidelines
- When a user:
- Attempts to log into CIMPLICITY, if the Windows user name/password are not valid or CIMPLICITY does not find the user in any of the groups, the user is denied CIMPLICITY access.
- Logs into CIMPLICITY for the first time using Windows authentication, that user is automatically added to CIMPLICITY's list of users.
- Is listed in the CIMPLICITY list, user specifications can be modified the same way as for any other user.
- When the new Windows Authentication module tries to validate a user with auto log in, If Windows Authentication does not have a valid user/password to use to query the domain controller, it uses the current user that the process is running under.
On a default installation Windows authentication runs as a system user; depending on how the domain is set up there is a good chance that the system user will not have the ability to query the domain.
To make sure Windows authentication can query the domain:
Procedure
- Open the Services control panel.
- Make the CIMPLICITY HMI service run under a domain account that has privileges to query the domain.