Why to use the User-defined External Authentication
WinCC OA supports also the usage of a user-defined authentication mechanism such as LDAP from an external user authentication tool.
Advantages of the external authentication:
- Allows WinCC OA to support environments with mixed operating systems, where all users are authenticated by a Windows or Linux domain.
- Allows WinCC OA to support web based applications were users create their own identities, based on API managers.
- Allows software developers to test applications by using a complex permission hierarchy based on temporary logins.
Requirements for the external authentication tool
Similar to an integrated OS based authentication mechanism for an active directory system it must be possible to set these policies within an external authentication tool. ETM professional control GmbH cannot recommend any specific tool but during the analysis it is important to define the following as must have criteria:
- The evaluated authentication tool should be able to enforce the usage of good passwords.
- It should be robust against Denial of Service attacks.
- It should use a state of the art hash algorithm for user passwords.
- Support of encrypted user credentials transfer. The external tool should be available via VPN connection to make a secure remote connection possible.