PME User Authentication using Windows Credentials
Presented by: Mike Munro
Software & Systems | Power Solutions
Confidential Property of Schneider Electric

Background

Windows Authentication – what is it?
Windows Authentication will allow users to log into PME using their Windows credentials.
• Windows user credentials can be managed locally or in Active Directory (AD).
• Windows credentials also specify which applications users can access.
• Many large companies use AD to maintain user credentials on their network, and enforce IT policies such as password complexity.
• This feature will provide Active Directory support in PME, allowing us to comply with this common IT requirement.
This is the topic today

What value does this feature bring?
Common IT request: “Does the application use Active Directory or LDAP for authentication?” – customer IT questionnaire
“The requirement to change passwords every 30 days is a major headache…they are considering adding active directory/LDAP support as a specification requirement” – Ford Global Account Director
Meet requirements of IT departments
Minimum scope
Desired scope
Increased Cybersecurity
Streamlined end-user experience

Demo

Workflow: Current user setup process
• Log in to Windows as Admin user
• Install PME
• Set default supervisor password
• Log in as supervisor user
• Create PME users with passwords and access levels
(These access levels are pre-defined in PME.)

Workflow: Proposed user setup process
• Set up users and groups in AD
(Groups can be any new or pre-existing groups. Later, these will be mapped to PME Access Levels.)

Workflow: Proposed user setup process
• Set up users and groups in AD
• Log in to Windows as Admin user
• Install PME
• Set default supervisor password
• Log in as supervisor user
• Log in as Supervisor-level Windows user
• Map AD groups to PME Access Levels
• Delete PME supervisor user
(The default PME Access Levels would continue to be used with Windows Authentication.)

Map AD groups to PME Access Levels (mockup only)

Logging into the web and applications
• For the user, the interface will be unchanged.
• The user will simply enter their Windows credentials instead of PME credentials.
Web client login
Engineering client login
OR…credentials could be passed automatically without a login (i.e. Windows Single Sign-On)

Open questions – to be validated
• Should PME authentication be disabled if Windows Auth is selected?
• Is it OK to use our PME application user during the install process?
• Tracking of which Windows users have actually logged in?
• Single Sign-on – is this a “nice to have” or mandatory?
• PME Groups (used today for Reports permissions) – how to manage, and terminology we use
• SQL Authorization – most IT depts want to remove this