×

Supercharge your Proficy solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Explore our Proficy 2024 releases!

Home
Proficy Authentication
Manage Identity Providers
SAML
Enable SAML
This topic describes how to configure SAML identity providers for Proficy Authentication.

Important Product Information
Getting Started
Proficy Authentication
- About Proficy Authentication
- Set up Proficy Authentication
  This topic describes how to set up Proficy Authentication in Configuration Hub.
- Get Started With Proficy Authentication
  This topic helps you to get started with the application.
- Manage Identity Providers
  - LDAP
  - SAML
    - Enable SAML
      This topic describes how to configure SAML identity providers for Proficy Authentication.
      - Configure Okta as SAML IDP
        This topic describes SAML configuration with Okta.
      - Configure Azure AD as SAML IDP
        This topic describes how to configure Azure AD (Active Directory) as a SAML identity provider.
    - Add SAML Identity Provider
      This topic describes how to add multiple SAML accounts in Proficy Authentication.
    - Modify SAML Identity Provider
      This topic describes how to modify the existing details for a SAML account.
  - Enable Multi-Factor Authentication
    This topic describes how to enable multi-factor authentication for users.
  - Delete Identity Provider
    This topic describes how to delete identity providers.
- Manage Groups
- Manage Users
- Windows Integrated Authentication / Auto-login
  Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2022.
- High Availability
- Customize Login Screen
  This topic describes how to customize the Proficy Authentication login screen.
- Backup and Restore
  This topic describes how to perform backups and restore the Proficy Authentication database.
- Troubleshooting Proficy Authentication
iFIX
CIMPLICITY
Historian
Operations Hub
Webspace
MQTT Client
Settings
Troubleshooting

Enable SAML

This topic describes how to configure SAML identity providers for Proficy Authentication.

You should enable SAML prior to adding SAML IDP accounts in Proficy Authentication. To enable SAML, you will need to download the Proficy Authentication service provider's metadata file.

Visit https://enter FQDN of the machine where Proficy Authentication is installed/uaa/saml/metadata to download the saml-sp.xml file.
To configure any SAML identity provider, gather information from the downloaded saml-sp.xml file.
Generate a metadata XML file from the configured identity providers, and use the file to add a SAML IDP account in Proficy Authentication.

Refer to the following examples on how to set up SAML identity providers for Proficy Authentication:

SAML Configuration Flow

The following diagram is a visual representation of the key components involved in the SAML configuration flow.

In the SAML configuration flow, Proficy Authentication Service acts as a SAML Identity Provider (IDP). You must configure Proficy Authentication Service as an IDP by providing it with the necessary SAML metadata and settings.

The following figure illustrates how the data flows and interacts to ensure secure access to resources.

Users provide their credentials, which includes a user name and password.
When users attempt to access a protected application, they are redirected to the Proficy Authentication Service for authentication.
Proficy Authentication Service generates a SAML authentication request and sends it to the user's browser. This request is sent to the configured IdP endpoint.
If users are successfully authenticated, they gain access without the need to log in separately.