Different log-ins for different preferences without using Windows LDAP
Hi,
We run plant operations from a single PC with a general login, so everyone can access the HMI system and the Axiom trending package. Is there a way to create different accounts for the Axiom trending package so that everyone can set up their own preferences? Right now I have everyone logging in as Anonymous because the documentation to set up different users I find lacking / confusing, but my operators are getting annoyed with each other (one likes the light, the other dark, one wants the float labels with more information, another finds it too cluttered, etc. etc.). I don't want to use the Windows LDAP login since I don't think it will work, everyone needs to log in as the same user to view the operations HMI.
9 replies
-
Can I ask why you can’t use Active Directory? You can log into Axiom using a different AD account than the one used to sign into the machine. Is that the concern?
-
Because I can't find any documentation on how to set up the Active Directory? Like how does one create a username and password?
-
There's not a ton on it. Mostly just https://helpcenter.canarylabs.com/t/83y858k/identity-tile-version-24#:~:text=Enable%20Active%20Directory%20%E2%80%93%20(Enabled%20by%20default)%20allows%20the%20user%20to%20authenticate%20using%20their%20Windows%20credentials. Once you enable it, people can log into axiom using their windows credentials. Canary will only know about the domain on which the identity provider is installed. So as long as they have an account on that domain, they can log in. Does that make sense? Is that at all helpful?
-
Unfortunately I'm still unclear on how to get it working. Thank you for trying to help though. So:
1. I am on V22 still. So I do not have an "Identity" tile.
2. These PCs are on a separate industrial network - so no access to internet, and no one has individual windows log in credentials, it is all one shared UN&PW
3. I tried to create a Windows10 user account, and then log in, since apparently active directory should be enabled by default - also under Configuration Endpoints Views I have Net.Pipe - Windows checked off, as well as Net.TCP Windows and Net.TCP Username - but not sure if I need to ADD... to the Access at all? Regardless I am missing something because I am getting an error message of Authentication Failed error message.
-
v22 is a bit out of my wheel house. But, digging through the docs:
- You mentioned enabling endpoints on the Views tile. Are they also enabled on the Axiom tile? I would imagine if you're failing to authenticate to Axiom we need to look there before we look at Views. I'm guessing if you got to the point where you could enter UN&PW, that all the correct endpoints are enabled.
- So the client machines and the canary historian is on different domains? The canary historian is on a domain? Do the operators have domain accounts for the domain canary is on? When you tried to log in, did you include the domain name in the username field?
-
Okay so my configuration looks like:
- Axiom Tile -> Acess -> Configuration -> Allow Everyone, Allow Anonymous Logon
- Axiom Tile -> Endpoints -> Configuration -> Checked off: Net.Pipe - Windows, Net.Pipe - Anonymous, and also the two Https - Username & Anonymous
- Admin Tile -> Endpoints -> Configuration -> Checked off: Net.Pipe - Anonymous, Net.TCP - Windows Port 55273, & Net.TCP - Username Port: 55273
- Views Tile -> Permissions -> Security -> Security is not enabled.
- Views Tile -> Endpoints -> Configuration -> Checked off: all Net.'s (Net.Pipe Windows & Anon, Net.TCP - Windows, Username, Secure, Anon)
- Views Tile -> Access -> Configuration -> Allow Everyone, Allow Anon Logon
Then at a non-Historian PC, I created a new Win10 user, and logged in, then logged out in to the shared log-in, and when I went to sign in to the Axiom v22 application, using the Username/Password Credentials Mode, I still get Authentication Failed error.
Okay then I looked into Domains. So it seems we do not have domains activated. We only go by Workgroup, BUT all PCs (clients & historian) are a part of the same workgroup. Should I change / set up by Domain instead? -
Domains are always nice, but then you have to have a domain controller. which is usually a dedicated machine. I'll be honest, I work mostly with companies that have domains. I've never worked with workgroups. But I just did some googling and confirmed that workgroups mean absolutely nothing when it comes to user accounts and cross-machine authentication. Here is what I would try.
- Create a user account on the canary historian/axiom machine
- Log into the client machine with any user (doesn't matter)
- Log into axiom using the credentials for the user you set up on the canary historian/axiom machine. (you may have to prefix the username with ".\" or "machinename\". Not sure. Try without it first.)
Again, I've never done this before. But I'd assume that's how it works. If not, let me know where it breaks down and we can keep going.
-
it worked!!
(even without the ".\")
Thank you!! -
awesome! Glad we could get you a solution. What's the saying? "Happy operator, happy life"?
-
Print this page