×

Supercharge your Proficy solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Explore our Proficy 2024 releases!

Home
Proficy Authentication
Manage Groups
Overview of Managing Groups in Proficy Authentication
Groups are a collection of users who share common roles or responsibilities. Administrators can assign permissions and policies to entire groups, rather than individual users.
Scopes for Operations Hub Users/Groups
This topic provides a list of scopes you can assign to users/groups for accessing Operations Hub.

Proficy Authentication
- About Proficy Authentication
- Set up Proficy Authentication
  This topic describes how to set up Proficy Authentication in Configuration Hub.
- Get Started With Proficy Authentication
  This topic helps you to get started with the application.
- Manage Identity Providers
- Manage Groups
  - Overview of Managing Groups in Proficy Authentication
    Groups are a collection of users who share common roles or responsibilities. Administrators can assign permissions and policies to entire groups, rather than individual users.
    - Scopes for Proficy Authentication Users/Groups
      This topic provides a list of scopes you can assign to users/groups for accessing Proficy Authentication.
    - Scopes for Operations Hub Users/Groups
      This topic provides a list of scopes you can assign to users/groups for accessing Operations Hub.
    - Scopes for iFIX Users/Groups
      This topic provides a list of scopes you can assign to users/groups for accessing iFIX.
    - Scopes for Historian Users/Groups
      This topic provides a list of scopes you can assign to users/groups for accessing Historian.
    - Scopes for Plant Applications Users/Groups
      This topic provides a list of scopes you can assign to users/groups for accessing Plant Applications.
  - Create Groups
    This topic describes how to create new groups in Proficy Authentication.
  - Modify Groups
    This topic describes how to modify existing groups in Proficy Authentication.
  - Map Groups
    This topic describes how to perform group mapping.
  - Add/Remove Users in a Group
    This topic describes how to add or remove users from a group.
  - Add/Remove Sub-Groups in a Group
    This topic describes how to add or remove sub-groups from a group.
  - Delete Group
    This topic describes how to delete Proficy Authentication groups.
- Manage Users
- Windows Integrated Authentication / Auto-login
  Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2022.
- Example Configuration for Multi-domain and Auto-login Functionality
  This topic describes how to set up the auto-login with multi-domain functionality so that users can automatically log in to multiple domains without having to enter their credentials for each domain login.
- High Availability
- Customize Login Screen
  This topic describes how to customize the Proficy Authentication login screen.
- Backup and Restore
  This topic describes how to perform backups and restore the Proficy Authentication database.
- Troubleshooting Proficy Authentication

Scopes for Operations Hub Users/Groups

This topic provides a list of scopes you can assign to users/groups for accessing Operations Hub.

To access both the designer and runtime features in Operations Hub, a user must possess, at a minimum, the iqp.developer and iqp.user scopes.

Scope	Description
`iqp.developer`	This scope is assigned to developer users. When a developer account is created, an associated application user account is automatically generated, sharing the same login credentials. Users with this scope have the ability to access pages for application creation, granting them access to both application design and runtime functionality.
`iqp.user`	This scope is assigned to application users. Users with this scope can only access those applications in Operations Hub to which they have been granted access. These users do not have the ability to access pages for application creation. Their access is solely restricted to the runtime functionality of the applications.
`iqp.clouduser`	This scope is assigned to users who want to use the REST API, mainly the M2M Device RESTful APIs.
`iqp.nodered`	This scope is assigned to users who want to access the Dataflow Editor.
`iqp.studioAdmin`	This scope is assigned to privileged users. Users with this scope can access the Administrator Console to configure global settings for an Operations Hub instance, such as the settings for email servers and the MQTT brokers for MQTT data interoperability. Note: This scope does NOT grant access to Operations Hub designer or runtime.
`iqp.tenantAdmin`	This scope is assigned to privileged users. Users with this scope gain administrative authority at the Tenant or System level (in our case, we have one tenant). They enjoy full administrative access to the Operations Hub instance, with the exception of scenarios requiring membership in the `iqp.studioAdmin` group. Administrators with this scope have the ability to unlock an application that may be locked by another user.