Access using OAuth 2.0 - HxGN LiveView - Administration & Configuration

HxGN LiveView Administrator Help

PPMProduct
HxGN LiveView
PPMCategory_custom
Administration & Configuration

This method can be used to delegate access management to a Hexagon or third party OAuth 2.0 authentication management software. User identity management is also inherited from the authentication system. For example, if the authentication service uses the Active Directory as the Identity provider, your users can log in to HxGN LiveView using the company Active Directory credentials.

Advantages of this method include no extra maintenance of login accounts and permissions to project data. Users can bypass the default Xalt login prompt to directly log in to Xalt via an external OAUTH Server. Using the authorization code flow, the user can log in directly to the OAUTH server. The Xalt server can then request an Access Token on behalf of the OAUTH user.

This authentication method also provides a mechanism to use access rights from parent tools such as Smart P&ID or Smart Electrical. When data is accessed from HxGN LiveView, it uses access tokens that were generated for the logged on user. To see how to set up this access in HxGN LiveView, contact the PPM Smart Community.

The procedure below shows how to use the Authorization Code flow for the application usage and Resource Owner flow for accessing the metadata for application configuration.

Configure Authentication

  1. From your authentication service application, create two clients:

    • Create one with the Authorization Flow set to Authorization Code, and add https://oauth.hexagonxalt.net/oauth/[tenantID]/v1/callback/ in the Redirect URIs section.

    • Create the other with the Authorization Flow set to Resource Owner and add https://oauth.hexagonxalt.net/oauth/<tenantID>/v1/callback/’ in the Redirect URIs section.

  2. Copy the Client ID and Secret for each.

  3. Create additional users in the authentication service (not IWA) that have the same logon name as the users you will create in HxGN LiveView. These users should be provided access to the Smart API registered in the authentication service.

    Create a Group User Profile

  4. Hexagon Support creates a group profile in Xalt for you with the following values:

    • User ID and Name = Select an ID and a name that do not conflict with any existing user names in your Hexagon applications.

    • Authentication Service = (Xalt)

    • Password = Type a password containing at least 15-20 characters.

    • Roles = Internal

  5. To be performed by HxGN Support:

    In the Hexagon Xalt tenant, select OAuth Authorization and set the following options:

    • Client ID and Secret: Type the ID and secret defined in step 2

    • Redirect URI: https://oauth.hexagonxalt.net/oauth/<tenantID>/v1/callback/

    • PPM Discovery Base URL: URL address of the /description discovery document

    • Assigned User Profile: Select the Xalt user group defined in step 4.