Access using external identity provider - HxGN LiveView - Administration & Configuration

HxGN LiveView Administrator Help
Language
English
Product
HxGN LiveView
Search by Category
Administration & Configuration
LiveView Version
2

This method can be used to delegate access management to a Hexagon or third party OAuth 2.0 authentication management software. User identity management is also inherited from the authentication system. For example, if the authentication service uses the Active Directory as the Identity provider, your users can log in to LiveView using the company Active Directory credentials.

Advantages of this method include no extra maintenance of login accounts and permissions to project data. Users can bypass the default Xalt login prompt to directly log in to Xalt via an external OAUTH Server. Using the authorization code flow, the user can log in directly to the OAUTH server. The Xalt server can then request an Access Token on behalf of the OAUTH user.

This authentication method also provides a mechanism to use access rights from parent tools such as Smart P&ID or Smart Electrical. When data is accessed from HxGN LiveView, it uses access tokens that were generated for the logged on user. To see how to set up this access in LiveView, contact the PPM Smart Community.

The procedure below shows how to use the Authorization Code flow for the application usage and Resource Owner flow for accessing the metadata for application configuration.

Configure Authentication

  1. From your authentication service application, create two clients:

    • Create one client with the Authorization Flow set to Authorization Code. Add https://oauth.hexagonxalt.net/oauth/[tenantID]/v1/callback/ in the Redirect URIs section.

    • Create the other client with the Authorization Flow set to Client Credentials. Add https://oauth.hexagonxalt.net/oauth/<tenantID>/v1/callback/’ in the Redirect URIs section.

  2. Copy the Client ID and Secret for each.

  3. Create additional users in the authentication service (not IWA). These users should be provided access to the Smart API registered in the authentication service to set up HxGN LiveView.

    Create a Group User Profile

  4. In the authentication service settings, set the token settings to allow refresh tokens as shown in the Smart API example below.

  5. Associate the appropriate identity provider for authenticating users in the authorization service. For example, see Identity settings for information on identity management in the Smart API Manager