Skip to Main Content
AVEVA™ PI System™ Feedback Portal

Welcome to our feedback site!


We created this site to hear your enhancement ideas, suggestions and feedback about AVEVA products and services. All of the feedback you share here is monitored and reviewed by the AVEVA product managers.

To start, take a look at the ideas in the list below and VOTE for your favorite ideas submitted by other users. POST your own idea if it hasn’t been suggested yet. Include COMMENTS and share relevant business case details that will help our product team get more information on the suggestion. Please note that your ideas and comments are visible to all other users.


This page is for feedback specifically for AVEVA PI System. For links to our other feedback portals, please see the tab RESOURCES below.

Status Completed
Categories Security
Created by Guest
Created on Aug 20, 2022

PI System Security with OpenID Connect/OAuth2/Active Directory Federated Services (ADFS)

Please consider enabling PI System Security to use Active Directory Federated Services (ADFS)[OpenID Connect/OAuth2]--the interfaces, buffer, integrators, PI Vision, etc...  As organizations move to Office365 and Cloud/Internet services, this would make authentication/use outside a company's network easier.
  • ADMIN RESPONSE
    Jul 10, 2023

    AVEVA PI Server 2023 introduces modern, claims-based authentication via OpenID Connect. For additional information on AVEVA PI System 2023, please see the release announcement.

  • Attach files
  • Paul Downes
    Reply
    |
    Jun 16, 2023

    Has there been any update to this request please? We want to implement in Azure, but would like users from other domains to sso and use PI. Is this still not possible?

  • Guest
    Reply
    |
    Aug 20, 2022
    Customers are requesting Single Sign-On to PI Vision. Suggest adding PI Vision SSO to the title.
  • Guest
    Reply
    |
    Aug 20, 2022
    I believe this is a duplicate of another request. https://feedback.osisoft.com/forums/555148-pi-server/suggestions/31729966-pi-system-security-with-openid-connect-oauth2-acti
  • Guest
    Reply
    |
    Aug 20, 2022
    Very good proposal. May I suggest building on today's mapping of Active Directory objects (users and/or security groups) to PI+AF Identities by extending with the possibility to map token claims to PI+AF Identities. This would maintain backwards compatibility as well as supporting the new feature request.
  • Guest
    Reply
    |
    Aug 20, 2022
    In response to Floris Zwaard, "I looks like the request somehow answers..." While the AF and Data Archive servers don't yet support an OpenId/OAuth authentication scheme, both the PI Web API and PI Vision currently do but with a necessary protocol transition when authenticating to their back end resources.
  • Guest
    Reply
    |
    Aug 20, 2022
    I looks like the request somehow answers my question as if the PI System does not support ADFS authentication? Does this counts for PI Vision as well?
  • Guest
    Reply
    |
    Aug 20, 2022
    As a PI Administrator I want to be able to use claims based authentication throughout the PI System so that I can provide a simplified and secure authentication methodology for all my users, including ones using web based applications.
  • Guest
    Reply
    |
    Aug 20, 2022
    After doing the POC (00043030) in Azure, we found that the Azure AD authentication to PI server was insufficient. Windows AD authentication was required for the PI Vision Kerberos authentication. At the moment Azure AD is not generally supported by the PI system which is restricting us to move our application to Azure and to be independent of Active Directory. It is also preventing us to fully integrate into the Cloud and meet Uniper's strategic objectives.
  • roberto.bertocco
    Reply
    |
    Aug 20, 2022
    This would be a very important improvement.
  • roberto.bertocco
    Reply
    |
    Aug 20, 2022
    The major part of us now are using AzureAD from Microsoft, This technology must be supported by OSISOft otherwise we need to maintain an obsolete Active directory Domain controller only for PI Authenticatoin.,
  • Guest
    Reply
    |
    Aug 20, 2022
    OAuth is a regular request for identification with the increase of cloud-based deployments and non-windows environments connecting to PI in some way.
  • Florent_A
    Reply
    |
    Aug 20, 2022
    As our CyberSecurity team is against replicating our AD Domain to our Azur tenant, we are completely blocked to move part of our PI servers into the cloud. Adding Modern Authentication to the PI system will release us from this constraint.