FAQ

What is OAuth and why did we implement it?

OAuth (Open Authorization) is a standardized authorization method for software products. It relies on ID providers (for example, Microsoft Azure AD) to handle credentials and generated tokens for secure software access.

With OAuth, we provide a modern, secure login option for our customers that meets or exceeds industry standards.

What are the implications for the software and for your system configurations?

Customers can freely choose to use OAuth or not. If not, no additional system configuration is necessary.

  • OAuth is disabled by default. If a customer chooses to use OAuth, they must activate and configure it separately.

  • Using OAuth requires slight changes to the login process and comes with additional requirements to increase security:

    • A secure certificate needs to be implemented on the octoplant server; support from customer IT is required

    • Communication now requires the use of a fully qualified domain name (FQDN) on both the server and the client side; additionally, a domain name system (DNS) server needs to be in place

      DNS servers are normally configured for octoplant automatically by the octoplant server operating system. See your IT team for configuration details.

    • An ID provider needs to be reachable from the octoplant server and client

Is it possible to combine OAuth with other login methods?

Yes, OAuth can be combined with other login options (local login, LDAP, etc.). If all options are configured, the user can choose the preferred option at the login screen.

If we use a CSC-Gateway, can we still use OAuth?

Yes, but first you need to make some adjustments in your network configuration. We recommend including your IT team.

Does the use of OAuth have any implications on our Agent systems or the communication to the Agents?

No.

What are the changes to the octoplant login with OAuth?

The octoplant login dialog includes a check for OIDC providers. A setting on the Server configuration dialog can disable this check:

Check this checkbox if you want the login dialog to check for OIDC providers. Uncheck it to prevent this behavior.