Skip to main content
Skip table of contents

Synchronizing Security Information From Omnia Plant

Administrators can configure Omnia Plant Connectors to synchronize security related information from Equinor’s Omnia Plant Data Platform into Seeq.

Overview

The Omnia Plant Data Platform provides an API endpoint for retrieving “Group Mappings” which map a Group to a specific Timeseries or a more broad Timeseries Source. Each mapping indicates that the group should be permitted to access the Timeseries or the set of Timeseries that share the specified source.

An example of the output from this endpoint:

JSON 
{
    "id": "a5418800-b9fd-45be-89c2-ef141339d2bd",
    "groupId": "0f0df3dc-8184-48de-b330-535fdcd620c6",
    "plantSapCode": "1774",
    "plantStidCode": "ODC",
    "source": "IMS",
    "canWrite": false
}

When SecuritySynchronization > GroupMappings is enabled in the Datasource’s Additional Configuration, the Omnia Connector will apply the same access restrictions to the Signals it generates during indexing, provided that the groups identified by the mapping are also provisioned in Seeq (e.g. via OAuth group retrieval during indexing or SCIM group provisioning). When a mapping does not exist for a Timeseries, its corresponding Signal in Seeq will inherit permissions from its Datasource. Note: For Security Synchronization to work with SCIM group provisioning, you must ensure that the group.externalId SCIM parameter is mapped to the group object_id.

A typical Additional Configuration’s SecuritySynchronization will look like the following:

JSON 
"SecuritySynchronization" : {
  "GroupMappings" : true,
  "GroupMappingsDatasourceClass" : "OAuth 2.0",
  "GroupMappingsDatasourceId" : "My OAuth Datasource"
}

Prerequisites

In order for the Group Mappings to apply correctly in Seeq, the Groups referenced by it must be provisioned in Seeq by the Datasource specified in the Connector’s Additional Configuration. For example, this could be an OAuth 2.0 Datasource configured to pull groups during indexing or to receive groups via SCIM. In any case, you must ensure that the groups provisioned this way have as their ID the same value as the groupId specified in Omnia Plant’s Group Mappings.

Configuration

Config Key

Optional?

Notes

GroupMappings

Required

GroupMappingsDatasourceClass

Required when GroupMappings is True

The class of the datasource that provides Active Directory groups. Possible values: "Windows Auth", "LDAP", "OAuth 2.0". Default value: "".

GroupMappingsDatasourceId

Required when GroupMappings is True

The ID of the LDAP / "Windows Auth" / "OAuth 2.0" datasource that provides the Active Directory groups that Omnia Plant Group Mappings are mapped with. The ID may be taken from LDAP Connector.json , Windows Auth Connector.json or from OAuth 2.0 Connector.json from the attribute named "Id".

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close