The WinCC OA
user login is used to identify and authorize users. If you want
the login panel to be opened automatically, you have to define
a manager start option that opens the panel (see chapter login
panel for more information). When the login panel is used,
the users have to log into the system with assigned user name
and password.
In the config file of the project, you can
define a user name and a password. If you have defined a user
name and a password, the system starts automatically with this
user. If you do not define a user, the system starts with a default
user. The default user does not have any authorization levels.
The WinCC OA
also provides the Single Sign On
feature. The feature is valid per workstation. If the feature
is activated under Windows user administration, you do not have
to log in with password and the current user is logged in. The
log in without password works only once when the login panel is
opened after the user interface has been started. After log out
from WinCC OA
without a restart of the user interface, a password has to be
entered. So the WinCC OA
and the Windows user can be different. The Single
Sign On feature does not exist for the user root.
The Single Sign On In order to
use Single Sign On, proceed as
follows:
Log into WinCC OA as Windows user.
The system detects that the user does not exist yet and creates
the user (see Windows user administration).
Define the group
rights via the group administration
panel and the authorization for the Single
Sign On via the workstation
authorization.
Log into WinCC OA via the login
panel. You are automatically logged in and you do not have
to enter the password.
Note
Do not
use Single Sign On in the extended mode of the UI
manager (-extended) or if the
user has the permission bit 4, because PARA, GEDI or the system
management can be opened.
Note
If user modifications have been made in the
Windows Active Directory and
SSO is used without Kerberos, so these have
to be updated in the WinCC OA
user administration manually. When you are using SSO with
Kerberos, the changes from the Windows
Active Directory will be detected by WinCC OA
and updated automatically.
Caution
Note that if you change your password in Windows,
WinCC OA recognizes
the password change only when you log in correctly. If you use
the Single Sign On to log in,
this is not counted as a login since you do not enter a password.
This means that if you check the new password in a script, the
check fails unless you log into WinCC OA
"normally". |