How can we improve the PI Server?

PI System Security with OpenID Connect/OAuth2/Active Directory Federated Services (ADFS)

Please consider enabling PI System Security to use Active Directory Federated Services (ADFS)[OpenID Connect/OAuth2]--the interfaces, buffer, integrators, PI Vision, etc... 

As organizations move to Office365 and Cloud/Internet services, this would make authentication/use outside a company's network easier.

10 votes
Sign in Sign in with OSIsoft
Signed in as (Sign out)

We’ll send you updates on this idea

dunivanm shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

Sign in Sign in with OSIsoft
Signed in as (Sign out)
Submitting...
  • Florisz commented  ·   ·  Flag as inappropriate

    I looks like the request somehow answers my question as if the PI System does not support ADFS authentication? Does this counts for PI Vision as well?

  • Vincent Kaufmann commented  ·   ·  Flag as inappropriate

    In response to Floris Zwaard, "I looks like the request somehow answers..."
    While the AF and Data Archive servers don't yet support an OpenId/OAuth authentication scheme, both the PI Web API and PI Vision currently do but with a necessary protocol transition when authenticating to their back end resources.

  • rygg commented  ·   ·  Flag as inappropriate

    Very good proposal. May I suggest building on today's mapping of Active Directory objects (users and/or security groups) to PI+AF Identities by extending with the possibility to map token claims to PI+AF Identities. This would maintain backwards compatibility as well as supporting the new feature request.

Feedback and Knowledge Base

Posted ideas will have one of the following statuses.
Full definition of these statuses can be found on the Home Page.
No status
NEEDS MORE DISCUSSION
RESEARCHING/EVALUATING
DECLINED
PLANNED
STARTED/IN DEVELOPMENT
IN BETA
COMPLETED