×

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2023 releases, by signing up for one of our upcoming events.

Home
Proficy Authentication
Windows Integrated Authentication / Auto-login
Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2.5.
Configure Security Policy
This topic describes how to configure security policy setting associated to Kerberos authentication.

Configuration Hub Products Documentation

Proficy Authentication
- About Proficy Authentication
- Set up Proficy Authentication
  This topic describes how to set up Proficy Authentication in Configuration Hub.
- Navigation in Proficy Authentication
  Proficy Authentication provides identity-based security for Proficy based applications and APIs.
- Manage Identity Providers
- Manage Groups
- Manage Users
- Windows Integrated Authentication / Auto-login
  Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2.5.
  - Configure Security Policy
    This topic describes how to configure security policy setting associated to Kerberos authentication.
  - Create Service Principal Name
    This topic describes how to create a service principal name.
  - Generate Keytab File
    Generate the Kerberos keytab file.
  - Proficy Authentication Service Configuration
    This topic provides steps to update the Proficy Authentication uaa.yml file.
  - Configure Browser
    Configure the browser settings for Kerberos authentication.
  - Troubleshooting Error Logs
    This topic describes Windows Auto-login success/failure scenarios.
- High Availability
- Customize Login Screen
  This topic describes how to customize the Proficy Authentication login screen.

Configure Security Policy

This topic describes how to configure security policy setting associated to Kerberos authentication.

About this task

It is possible that you may not have access to your computer’s local security policy settings, if it is governed by a group policy (controlled by your domain administrator). In any case, make sure that these security options are enabled for your computer.

If your environment is not governed by a group policy, then follow these steps to configure local security policy:

Procedure

To access Local Security Policy, enter secpol.msc in Windows Run dialog and select OK.
Navigate to Security Settings > Local Policies > Security Options.
Double-click and open Network security: Configure encryption types allowed for Kerberos security policy setting.
Select the valid encryption types that you want to use as shown in the figure. Ensure that the selection is same across all the participating nodes.
You can select either AES128_HMAC_SHA1 or AES256_HMAC_SHA1 as the encryption type. Also select the Future encryption types option.
Note: In our current documentation, we use AES256_HMAC_SHA1 encryption type in our example code to generate the keytab file.
For more information refer to Microsoft documentation on security policy settings.