Set Up Geo SCADA Expert to Use Single Sign-On (SSO)

You can configure Geo SCADA Expert to enable users to use single sign-on (SSO) to log on to a ViewX client using AVEVA Identity Manager. Single sign-on enables you to access multiple systems and applications with a single set of credentials. The single sign-on mechanism employs secure authentication tokens, reducing the need for frequent password input and reducing the risk of unauthorized access. The single sign-on feature enhances security, user experience, and helps to optimize user access management.

Perform the following procedure on each Geo SCADA Expert server. The settings affect all ViewX clients that connect to those servers.

To set up Geo SCADA Expert to use single sign-on with AVEVA Identity Manager:

1. Register your ViewX Client ID—Use the AVEVA Identity Manager Client Registration Tool to register your ViewX client ID to allow logons (see Register ViewX or Virtual ViewX to Use Single Sign-on).

   The AVEVA Identity Manager registration process enables you to specify an expiry time for the security token. Once you are logged on to AVEVA Identity Manager, the security token expires based on the specified expiry time.

   Before the token expires Geo SCADA Expert requests a new security token. If the first attempt fails, Geo SCADA Expert will re-attempt. If the token expires and the request fails each time, for example if the ViewX machine has a network failure, you will be logged out of Geo SCADA Expert.

2. Configure Geo SCADA Expert to use External Authentication—Configure Geo SCADA Expert to use AVEVA Identity Manager token-based authentication (see Using External Authentication with Geo SCADA Expert).

Once the above setup is complete, the following occur whenever a user attempts to log in to ViewX and selects the SSO button on the Logon window:

1. User Access Request—When the user tries to access ViewX, they are redirected to the AVEVA Identity Manager logon window. The user enters their credentials on the AVEVA Identity Manager logon window (see Log On to Geo SCADA Expert ViewX).
2. User Authentication—AVEVA Identity Manager verifies the user's credentials and generates a security token. The token contains information about the user and their permissions. 
3. Token Exchange—After successful authentication, AVEVA Identity Manager sends the security token back to Geo SCADA Expert.
4. User Access—The user is granted access to Geo SCADA Expert. If the user attempts to log on to additional systems using single sign-on then the existing token is used to authenticate them, eliminating the need to re-enter their username and password.