-
Mapping Windows External Groups to Canary Group v24
We've installed a new v24 Canary server and I'd like to know if there is a way to map our existing Windows Groups to Canary Groups in Identity ahead of time? I was able to map one that I belong to,…
- Answered
-
How to Change the Identity REST API Port (version 24)
By default, the Identity service is set to listen on 55353 for inbound client applications (e.g. Axiom, Excel Add-in, and Admin) trying to authenticate.…
-
Connecting v23 and v24 historians via Remote Historian View
We currently have two Canary servers, one v23 and one v24. Is it supported to set up Remote Historian Views on each server so that the Axiom instance on each can access the Views from the other? Or,…
- Answered
-
Auth Flow to Use Custom URI Fully
Right now, you can set up a custom URI/URL for Canary by creating a DNS record that points to the Axiom machine and adding that URL to the Identity Tile redirect list.…
-
Kerberos Authentication Limitation (version 24)
Kerberos does not work when connecting to Identity from the local server using a FQDN When a client on the Identity server connects to Identity using a FQDN and attempts to authenticate with Kerberos,…
-
Cache Credentials
I don't know if that's exactly the right term. But with Kerberos of OpenID authentication, laptops and machines usually have the ability to cache credentials.…
-
How to Configure Kerberos Authentication in Edge, Chrome, and Firefox (version 24)
If wishing to enable Kerberos within the Identity service, the following configuration changes may be needed depending on the browser you are using. Edge Install the Edge administrative template .…
-
Identity Tile (version 24)
Total Users – total number of “Canary” users created within the Identity service Active Users – total number of Canary users who are currently logged in to a Canary application (Canary Admin, Axiom,…
-
Identity Architectures (version 24)
When installing the Canary system, it is important to determine where the Identity service will be located as other Canary services must connect to it when authenticating and authorizing users.…
-
How to Configure a Remote Collector when Tag Security is Enabled (version 24)
If Tag Security is enabled within the Identity service, a remote Collector will not be able to write to the Historian by default. The SaF service on the Collector server must be configured to use an…
-
How to Create an API Token (version 24)
API tokens are used for several purposes within the Canary system. Reading data from the Historian using the Read API Writing data to the Historian using the Write API Writing data to the Historian…
-
How to Add an OpenID Connect Identity Provider (version 24)
By default, Canary uses Windows AD for user authentication; however, starting in v24, Canary also supports OAuth 2.0/OpenID Connect. This gives end users alternate options for signing into Canary's…
-
Identity Tile (version 24)
Total Users – total number of “Canary” users created within the Identity service Active Users – total number of Canary users who are currently logged in to a Canary application (Canary Admin, Axiom,…
-
Identity Overview (version 24)
The Identity service is used for three main purposes: Authenticating users that connect using Canary’s client tools Authorizing other Canary services Managing API Tokens Authenticating Users The…
-
Data Security (version 24)
The following article describes how data is secured In transit from Collector to Historian At rest in the Historian When accessed from the Historian Security In Transit Each Canary Collector is…
-
Tag Security (version 24)
Tag Security is used for restricting who can read and/or write to the Historian. When enabled, Canary users/groups must be given proper permissions within the Identity service.…