Authentication providers

configuration available at configuration > authentication providers each authentication provider has the following fields name description the name of your authentication provider description description a fitting description of your provider (optional) status description whether your provider is active or not if not, users from that authentication provider will not be able to log in default true authentication provider type description which type of authentication provider is this currently, three options are available google, microsoft and {{ldap}} selecting a type will show you extra settings for that particular type google client id description fill in the oauth client id you created in your google console client secret description fill in the oauth secret you created in your google console microsoft tenant id description the unique identifier of your tenant if left blank common will be used client id description the identifier for the application client secret description fill in the oauth secret you created in azure enable group mapping description check this if you wish to use the membership of security groups in azure to infer the group membership of a user in factry historian group mapping type description sets whether security groups or app roles are used to determine the groups which the user is automatically added to ldap host description this is the ip address or {{fqdn}} of the ldap server to connect to port description the port on which the ldap service is listening use ssl description check to enable {{ssl}} use tls description check to enable {{tls}} skip verify ssl description check to skip the verification of the server certificate if ssl or tls is enabled root ca certificate description if the ldap server has ssl enabled and you are using self signed certificates provide the full location to the trusted root ca certificate with which the server certificate has been signed this certificate must be placed on the same server which is running factry historian and must be readable for the factry system user client certificate description if client certification authentication is enabled provide the full path to the client certificate this certificate must be placed on the same server which is running factry historian and must be readable for the factry system user client key description if a client certificate is configured provide the full path to the key to decrypt the certificate this file must be placed on the same server which is running factry historian and must be readable only to the factry system user binduser dn description provide the distinguished name for the user which is used to bind to the ldap server for security purposes this user is best configured having read only access to the ldap server binduser password description the password used to authenticate the bind user basedn description this is the “base distinguished name” it is the starting point for all ldap searches all users which are to be authenticated against the ldap server must be found within the directory tree beneath the basedn search filter description the search filter is used to define the criteria for searching the directory for a specific set of users for example if you wish to lookup users by their common name use (cn=%s) (%s is replaced the username on login) the following configuration parameters are used to extract extra attributes from the ldap users to enrich the attributes of the user in factry historian email attribute description the name of the email attribute in ldap firstname attribute description the name of the first name attribute in ldap lastname attribute description the name of the last name attribute in ldap locale attribute description the name of the local attribute in ldap memberof attribute description this attribute is used to determine the group membership of a user it is only used if the enable group mapping option is enabled enable group mapping description check this if you wish to use the membership of groups in ldap to infer the group membership of a user in factry historian user group mapping in order to authorize users according to their group membership in either ldap or microsoft you will have to indicate which corporate groups correspond to which factry historian groups this can be achieved by editing the historian user group you wish to map and add a group mapping below you can find a screenshot in which an administrators user group has been mapped to a user group in ldap and a security group in microsoft azure how tos for more in depth information on how to add a particular authentication provider, please consult these guides microsoft entra id docid\ nr4aiwawd osjewkayytj google authentication docid\ ctufdjnyif0mm0ymhbu04 ldap docid\ mqelnbfgpwdawlzmmdptt