Skip to Main Content
AVEVA™ PI System™ Feedback Portal

Welcome to our feedback site!


We created this site to hear your enhancement ideas, suggestions and feedback about AVEVA products and services. All of the feedback you share here is monitored and reviewed by the AVEVA product managers.

To start, take a look at the ideas in the list below and VOTE for your favorite ideas submitted by other users. POST your own idea if it hasn’t been suggested yet. Include COMMENTS and share relevant business case details that will help our product team get more information on the suggestion. Please note that your ideas and comments are visible to all other users.


This page is for feedback specifically for AVEVA PI System. For links to our other feedback portals, please see the tab RESOURCES below.

Status Completed
Categories Security
Created by Guest
Created on Aug 19, 2022

Single Sign-On (SSO) using claims authentication in PI Vision

Integration with enterprise ‘non-windows’ (claims) authentication systems. A significant number of customers in my region are not using/don’t plan to adopt WIS as their authentication policy. As a result many of them are not using Windows AD. Customers need PI Vision to be more flexible: PI Vision should be able to be integrated with their chosen SSO system.
  • ADMIN RESPONSE
    Jul 10, 2023

    AVEVA PI Vision 2023 introduces modern, claims-based authentication via OpenID Connect. For additional information on AVEVA PI Vision 2023, please see the release announcement.

  • Attach files
  • Guest
    Reply
    |
    Aug 19, 2022
    better to provide the functions: 1. Login the PIVision with remembered password 2. Force login the pivision with password 3. After enter 3 times wrong password, lock the account in 1 hour
  • Christoph Rose
    Reply
    |
    Aug 19, 2022
    How many years is this expected to be in CTP? From our contacts with customer support, I expect OSIsoft to have gathered enough experience (and it is working well enough) to finally officially support this.
  • MikeJnoz
    Reply
    |
    Aug 19, 2022
    Notification screenshots would also need to work with SSO, we currently have SSO set up with claims authentication (OIDC) and this doesn't work for PI notification email graphic screenshots.
  • taterhead247
    Reply
    |
    Aug 19, 2022
    Azure (B2B and B2C). Our company uses AAD wherever possible. On-prem is seen as legacy (although still heavily used!). We would switch internal users to AAD auth. And it would allow us to auth external users as well.
  • Christoph Rose
    Reply
    |
    Aug 19, 2022
    We use Open ID Connect with Okta to do multi-factor authentication and provide sign ins to PI Vision for external customers outside of our business network.
  • Matt JP
    Reply
    |
    Aug 19, 2022
    We currently use OneLogin as an identity provider but have not yet configured PI Vision to use OIDC. If PI Vision supported OIDC more natively it would allow us to more easily add multi-factor authentication and all of the other features that IDPs offer more easily to the process of logging into PI Vision. This would greatly improve our confidence in offering external logins as we are a Connected Services Partner. It would also add confidence to our end-users as multi-factor authentication is now seen as pretty normal.
  • Guest
    Reply
    |
    Aug 19, 2022
    First, I’d like to say that today we have a production environment running the claims-based authentication. We currently use Memority as Identity Provider for our whole company ecosystem (many protocols supported but for PI Vision we work with OpenID Connect). We publish the site from On Premise (seen as "legacy" or even "old IT") over the internet with this third party auth via enterprise-grade reverse proxy solution for several purposes: 1. Company Laptop - connect to PI Vision without mounting VPN on laptops when on mobility or Working From Home (especially during covid-like crisis). 2. Other Company devices - connect to PI Vision from phone/tablet that are not compatible with Windows Integrated Security, from anywhere without entering login/password. 3. Company BYOD - connect to PI Vision from any personal device without installing any third-party app/vpn. 4. Partners - share displays & data to partners without the need to provide them with full access to our AD domain nor a company workstation. 5. Last and not tested yet because of missing prerequisite but reaching PI Vision within a full PI System in Azure tenant context - still avoiding reverting to basic auth. As seen in a case today the only alternative provided is to use Azure AD Application Proxy (https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy). This is an entirely different solution than just claims-based authentication and requires an architecture study and risk analysis. Plus I’m not sure the 5th use-case could be covered by this solution. PS: As of today, our end-users do not know their own AD password.
  • Leksi
    Reply
    |
    Aug 19, 2022
    There should be an option where PI Vision can be installed in a non-domain environment. Like if the PI Systems is setup behind DMZ using only local authentication.