OSIsoft Cloud Services
Welcome to the OSIsoft Cloud Services feedback page!
We created this forum to hear your ideas, feature suggestions and feedback around our cloud offerings. For more information on OSIsoft Cloud Services, please refer to: https://cloud.osisoft.com/
Please note that your ideas and comments posted here are visible to all other users.
- For PI Cloud Connect, please enter your ideas here: https://feedback.osisoft.com/forums/598033-pi-cloud-connect
-
Restrict Access to Tenant's Users & Namespaces / Strict Mode
Ability to restrict user access to an Tenant's Users and namespaces within a Tenant so that certain users/roles don't know other users in the tenant.
Used for scenarios when a Tenant is storing multiple customer's access within the same Tenant prior to Community Data Sharing services being available.
15 votesWe have implemented a new feature in OCS called ‘strict mode’ that can be enabled by OSIsoft on a customer’s tenant. This feature is now in preview.
Enabling strict mode hides several OCS portal menus, API routes, and tiles on the landing Dashboard to non-Admin users.
The feature is intended for use for tenants that may have multiple company’s users logging into the tenant (example: connected services and their customers) and there is a need to hide administrative information and other user information from non admin users.
Strict mode hidden menus include: Identity Providers, Users, Roles, Groups, Clients, Usage, Health, My profile only shows a user’s own information. Likewise, API routes goes to a forbidden error. Dashboard tiles hidden include: usage tile, health tile, quick links tile.
To enable strict mode, please contact OSIsoft and we can enable it on your tenant. Please let us know your feedback.
-
Encryption in Motion / Transit
As an IT department, I need to ensure when our company's data is being moved from point A to point B that it is encrypted SO THAT our data is protected.
8 votes -
Improve OCS Permissions Management
Make improvements to OCS permissions management and user experience throughout the platform.
If I don't have permissions to something, don't show it.
Set default permissions on streams from the beginning, etc.
*** Please use this idea's comments to capture other improvements for this topic ***
5 votes -
Enable OCSP stapling on cloud.osisoft.com
OCSP stapling means the web server sending the certificate revocation status with the certificate to the users' browsers, which avoids the need for the browsers to contact the certificate authority to get this information.
OCSP stapling will make the website load faster and protect the users' privacy from the certificate authority. Please add support for it.
The link below can be used to check if OCSP stapling has been enabled (among other things):
https://www.ssllabs.com/ssltest/analyze.html?d=cloud.osisoft.com3 votes -
Do not use 'unsafe-inline' in the Content Security Policy
OSIsoft Cloud Services has a very secure configuration already, but it has a sloppy blunder: 'unsafe-inline'. Please stop using it. This should make the configuration even more secure and bring the Security Headers score of OSIsoft Cloud Services from A to A+. See the links below.
https://securityheaders.com/?q=https%3A%2F%2Fcloud.osisoft.com%2F
https://content-security-policy.com/unsafe-inline/3 votes -
OCS APIs should allow requests with an Access Token issued by my Identity Provider
A customer is building a Web application that needs to access both Microsoft APIs (secured using Azure Active Directory) and OCS APIs (secured using OCS Identity Server). In order for the customer to call both sets of APIs from their Web application, they currently need to authenticate the User with Azure Active Directory and perform a second authentication with OCS Identity Server.
The Access Token issued by Azure Active Directory can be used to access Microsoft’s APIs and the Access Token issued by OCS Identity Server can be used to access OCS APIs, but not vice-versa. This means that the…
3 votes -
Add support for TLS 1.3 to cloud.osisoft.com
Please add support for TLS 1.3 to cloud.osisoft.com so that it loads more quickly and more securely.
3 votes -
Cascading Security Inheritance Down to Streams and other Objects in a Namespace
If a single namespace is being used to store data from multiple customers or sites, there needs to be a way to propagate security inheritance down to objects (streams, assets, etc.) within the namespace.
3 votes -
Authentication support for Okta
Authentication support for Okta
2 votes -
OCS Azure B2C Support
Support for Azure B2C as an authentication method for OCS.
2 votes -
PItoOCS installation should support Device Codes in addition to manual OCS login
As a PI System Administrator installing the PI to OCS agent, I need an alternate way to establish a secure connection instead of opening a web page and manually entering my credentials because our company bans java script or there is no web browser available on the machine. Because of this, I can never get the install kit to finish.
Currently for a user or client to log in, either a clientid/secret or interactive user log in with an Identity Provider must be used in order to obtain a access token. We would like to use a device code to…
2 votesWe are interested in learning more about your use case and requirements for support of Device Codes for PI to OCS installation.
-
Easily Change OCS Accounts / Tenants
As an admin of multiple tenants (some tenants are customers where I will be the acting administrator, though it is their data) I would like to be able to quickly and easily switch between tenants/OCS Accounts.
2 votes -
1 vote
-
Temporary / Transient Users with Expiration
Enable the ability to set expiration dates for users within a tenant/account SO THAT temporary workers / students / users can be setup to automatically remove access after a future date.
1 vote -
AD Group Support for Community Member Access
Support for Active Directory (AD) Groups when adding users to a Community.
1 vote -
Log the usage of a clientID for data ingress/egress
In maintaining and managing IoT devices I would like to be able to watch my data ingress and egress and general connections to OCS based on a clientIds to see if one has been compromised and is being used differently than expected.
1 vote -
Authentication support for Cisco Identity Services Engine.
Authentication support for Cisco Identity Services Engine.
https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html
0 votes -
Authentication support for ForgeRock
Authentication support for ForgeRock
0 votes -
Authentication Support for Ping Identity
Authentication support for Ping Identity
0 votes
- Don't see your idea?