8.1.2 Access Control - Settings

You can enable Legacy Security, Granular Security, or both simultaneously. Access granted by these two sets of Security Groups is additive: if a user is granted certain access from Legacy and different access from Granular, that user has all of that access combined. By default, or if you are migrating from a version of Monitoring prior to v23, only Legacy Security is enabled. You can enable Granular Security and set up all of the user access before disabling Legacy Security, so that none of your users are locked out of sections they need to access.

If you are considering managing your FactoryWiz user login usernames/passwords in your company's Microsoft Active Directory (AD) through its Lightweight Directory Access Protocol (LDAP) interface, enable the LDAP / Active Directory checkbox.
Please note that this is an advanced feature and requires a significant amount of configuration and maintenance of your corporate network systems beyond the FactoryWiz application configuration.
Also note that, while it is possible to integrate FactoryWiz authentication/authorization with AD/LDAP through the default unencrypted port, we recommend that you enable SSL for LDAP in your AD environment so that the FactoryWiz server is not sending unencrypted credentials across your network.
Configuring your Active Directory environment for Secure LDAP is beyond the scope of this document and should be performed by your company's IT team.
If your IT team would like additional guidance on how to enable Secure LDAP, please have them reach out to support at FactoryWiz.com.
Also, if not already enabled, we recommend adding DNS naming and SSL encryption to the FactoryWiz monitoring website by installing a valid SSL Certificate from a trusted Certificate Authority, so that credentials are submitted over a secure port to the FactoryWiz web server, which then communicates with the LDAP server for authentication and authorization.

When you check the LDAP/AD checkbox option, you will be presented with additional configuration fields.


In the Server Name or IP configuration field, you should put the IP address of your AD Domain Controller. If you have a Backup Domain Controller, you can put that IP address in the Alternate Server field.
For the FactoryWiz system to be able to query your Active Directory's LDAP interface, it must pre-authenticate with the AD system using a "service account". Therefore, you will need to create a "service account" user in Active Directory. This AD "service account" can be a low-privilege user and does not need any special access rights.
The default unencrypted LDAP port is typically 389.
If you have enabled Secure LDAP on your AD server, that port is typically 636.
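
A pre-flight check your IT team could run from the FactoryWiz server before switching the port to 636, shown as an added example (not FactoryWiz code): `fetch_ldaps_cert` performs the TLS handshake against the system trust store, and `cert_findings` reports whether the certificate covers the value you plan to enter in Server Name or IP and how soon it expires. The host name and IP address in the sample are constructed.

```python
import ipaddress
import socket
import ssl
from datetime import datetime, timezone

def fetch_ldaps_cert(server, port=636, timeout=5.0):
    """Handshake with the LDAPS port and return the validated certificate.
    Raises ssl.SSLCertVerificationError if the chain is not trusted by the
    system store or the certificate does not cover `server`."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server) as tls:
            return tls.getpeercert()

def _covers(server, sans):
    """True if a subjectAltName entry matches the configured server value."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS":
            name, pattern = server.lower(), value.lower()
            # A wildcard only stands in for the leftmost label.
            if pattern == name or (pattern.startswith("*.")
                                   and name.split(".", 1)[1:] == [pattern[2:]]):
                return True
    return False

def cert_findings(cert, server, now=None, warn_days=30):
    """List problems in a getpeercert()-style dict for the configured server."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if not _covers(server, cert.get("subjectAltName", ())):
        findings.append(f"certificate has no subjectAltName entry for {server}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) / 86400
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {int(days_left)} days")
    return findings

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.example.internal"),),
               "notAfter": "Jan 15 00:00:00 2031 GMT"}
```

A Domain Controller certificate that lists only DNS names will produce a missing-entry finding when checked against the bare IP address, so run the check with the exact value you intend to configure.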

Once you have successfully configured FactoryWiz to communicate with AD, you can simply use AD for Authentication of FactoryWiz (FW) usernames and passwords. If you only want to use AD for Authentication, and not security Authorization, you must add each username in the FactoryWiz Users section (the AD username and FW username must match exactly).
You can then configure each FW user with the Legacy and/or Granular security groups.

If you want to take the FW LDAP configuration a step further and manage security rights in AD/LDAP, then you must configure all of the security groups in AD and add your users to those groups.
Then you would "map" those AD security group names to the FW group names in the Mappings sections.
Note: configuring Active Directory users and security groups is beyond the scope of this document and is usually handled by your company's IT team.
If your IT team requires additional guidance on how to set up AD users and security groups, please have them reach out to support at FactoryWiz.com.

