PI Vision
Welcome to the PI Vision (formerly PI Coresight) feedback page!
We created this forum to hear your ideas, feature suggestions and feedback on PI Vision. Please suggest your most important features and design change ideas on this site, and vote for your favorite ideas.
Please note that your ideas and comments posted here are visible to all other users.
- For bugs, please open a case with OSIsoft Tech Support through myOSIsoft Customer Portal (https://my.osisoft.com) instead of sharing them on this site.
- For documentation feedback and bugs, please report to documentation@osisoft.com instead of sharing them on this site.
-
Log out capability
We would like to change users often. Could we have a logout button or something similar?
86 votes -
PI Vision Access Control Management
There should be provision of granting access to PI Identities or PI users on PI Vision using PI Vision admin webpage.
51 votes -
Single Sign-On (SSO) using claims authentication in PI Vision
Integration with enterprise ‘non-windows’ (claims) authentication systems.
A significant number of customers in my region are not using/don’t plan to adopt WIS as their authentication policy. As a result many of them are not using Windows AD.
Customers need PI Vision to be more flexible: PI Vision should be able to be integrated with their chosen SSO system.
34 votesPlease tell us more about your use case! What Identity provider would you use? Would you use this to make PI Vision available outside the business network?
-
Have displays automatically inherit folder permissions
As a PI Vision admin, I would like displays to automatically inherit the permissions of their parent folder so that permissions are set automatically when users save displays to the appropriate folder.
Currently permissions for folders and displays are not tied together but they can be propagated manually using the 'Propagate permissions' checkbox in the Folder Settings dialog.
31 votes -
Support AF Identities from Multiple Servers
Currently, only 1 AF server is configured to provide identities for vision display security. Displays can show data from multiple AF servers, which could have different security mappings. It would be nice to be able to pull identities from multiple AF servers for display security that matches the AF security that already exists.
25 votes -
Restrict user tag search of the PI Data Archive in PIVIsion
Ability to restrict Pi Vision users to use the PI Data Archive tag search when building displays.
There exists a feature to restrict user access to AF Databases in the PIVision\admin\UserSettings. However, there is no way to restrict PI Vision users from the PI Data Archive.
Or be able to rename the PI DA symbol in the search.13 votes -
Login timeout setting
when I login for a long time and without action,automatic logout is necessary
10 votes -
Authenticate with PI Vision base application before redirecting to URL fragment
When using Microsoft Azure AD Application Proxy to publish the PI Vision site externally. We are requiring 2FA to access the PI Vision site. What we're finding if a user bookmarks a PI Vision site, the Azure AD, by design, truncates the PI Vision paths after the # symbol upon a brand new browser window.
https://docs.microsoft.com/en-us/answers/questions/23558/azure-application-proxy-relaystate-uri-getting-tru.html
The workaround as described in Microsoft's article would be to:change PI Vision, so that it authenticates first with the base application before making these calls using javascript, or
to change PI Vision to append the URL fragment to the redirect once the redirects…
8 votes -
Remove use of cookies for claims authentication
PI Vision currently makes use of cookies for it's implementation of claims authentication. Google Chrome is phasing out third party cookies, as you can read here: https://www.bounteous.com/insights/2020/04/09/google-chrome-third-party-cookies
This means that in the future third party cookies won't be supported by Chrome anymore, which will break PI Vision's claims authentication.
As all major browser vendors will likely follow this path an alternative solution is needed.
8 votes -
PI Vision folder access
Customers would like to fully controll access to folders and sub-folders without having administrator access to the entire PI Vision server.
Multiple organization specific folders with their own "administrators"
Theese folder-admins can take ownership and modify displays in their folder but no other folders.At the moment only administrators and the owner can change owner on displays.
7 votes -
Bulk Edit Folder Permissions
Having folders of the same level, you need to go one by one and manage the permissions. To fix this, have the ability to select numerous folders and manage the permissions for them all.
6 votes -
Add support for TLS 1.3
The highest version of TLS that PI Vision currently supports by default is 1.2. Please add support for TLS 1.3 to make PI Vision load faster and more securely.
5 votes -
Drop support for TLS 1.0 & TLS 1.1
Please drop support for TLS 1.0 & TLS 1.1. These have been known to be insecure protocols for a while now, are not supported by modern browsers, and have been superseded by TLS 1.2 & TLS 1.3.
"Compatibility with older browsers" is not a good reason to keep them around, since even Internet Explorer supports TLS 1.2 & TLS 1.3. Anyone using an older browser should upgrade for their own good.
4 votes -
Acknowledge Event Frames in PI Vision Without Kerberos
As a PI Vision administrator, it would be helpful for PI Vision Event acknowledgement and annotation to function without Kerberos delegation. This would allow the feature to work on cross domain environments where Kerberos may not be possible.
4 votes -
PI Vision admins manage identities stored in back-end to clean up old removed identities and their display sharing settings
PI Vision admins should be able to manage Identities to review and delete stale Identity entries from the SQL back-end, along with any display sharing for them. Since PI Vision administrators have no way of managing the Identities on their Vision server, they cannot clean up identities that were deleted or were from an old AF Server.
4 votesThis issue is being tracked as a bug reported through Tech Support:
https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=2471263140651960241-217230We will delete this enhancement request shortly and track other customers running into this bug through TechSupport.
-
Allow to modify a read-only display if I am the owner
As a owner of a display, i would like to be able to modify it even if it is marked as read-only.
Actually, I need to go on the main page, uncheck the read-only, edit the display, save it, and back to the home page again to modifiy to read-only again
4 votes -
Provide PI Vision security artifacts in external documentation
Currently PI Vision documentation does not provide any artifacts from security development tools such as web application security scanners that can be used by organizations to assess vulnerabilities and inform best practice configuration based on the artifacts.
3 votes -
PI Vision support for OAuth 2.1
PI Vision's current CTP claims implementation is based off of OAuth 2.0. With OAuth 2.1 coming out PI Vision's claims implementation will need to be revised to be compliant with the new version of the framework. Specifically OAuth 2.1 is removing the implicit grant type which PI Vision requires in order to recieve tokens from the authorization endpoint of the identity provider.
2 votes -
The Security Configuration for Home
It is needed to be able to set the security for Home, not just for each folder under Home. This is because each display can be properly organized with the security. Without it, let's say that a PI Vision admin does not want to allow each PI Vision user to save a new display into Home, but the admin wants to allow them to do it into a specific folder depending on which group the users belongs to. However, since Home does not have its own security, it is not possible. On the other hand, if a user is set…
2 votes -
Vision Display Utility to support Claims Based Authentication
In v2019, the PI Vision Display Utility cannot connect to PI Vision servers using Claims based Authentication. The utility can connect to a PI Vision server configured for claims authentication, but since it doesn't support claims it must connect with Windows authentication.
2 votes
- Don't see your idea?