SPG Controls’ ARCO Platform can use Active Directory for authentication and authorisation. The ARCO Platform communicates through Active Directory Federation Services (AD FS) and OpenID Connect/OAuth.
Active Directory Enrolment
Once a user account is added to Active Directory the user may be imported into ARCO from within the user screen. This maps the user detail to ARCO and link’s the account to an active directory user.
The Active Directory Groups are associated with ARCO roles via tags. As a user’s groups are updated within Active Directory their roles within ARCO are updated.
The roles may be access or operator roles, enabling control of the user’s access credentials and their rights within ARCO Platform.
Active Directory Authentication
ARCO authentication uses the standard AD FS authentication model for web applications using the OpenID Connect/OAuth concepts.
Active Directory Authorisation
Authorisation is controlled through the allocation of tags to the ARCO roles. These roles are then mapped after authorisation. Changes in the Active Directory groups are monitored, and the roles allocated within ARCO are updated to reflect the allocations.
Active Directory Configuration
Trust must be in place between the ARCO Platform and Active Directory. This is achieved within ARCO through the setup of the Active Directory configuration of the ARCO Identity Server Service.