Access Control
IGNOS uses Azure AD to authenticate users. This means that all users and their access on ignos.io are handled by the customer's Active Directory. There is no need to create new users in IGNOS, nor do we handle any passwords.
Role descriptions
Pulse
Pulse general roles
| Role | Name | Description |
|---|---|---|
| Apps.UtilizationDetails | Utilization Details | Required for users to be able to see utilization details and configure alert rules. |
| Pulse.Admin | Pulse Admin | Users with this role are allowed to manage Pulse settings and configuration |
Alarms
| Role | Name | Description |
|---|---|---|
| Alarms.Read | Alarms reader | Readers have the ability to browse machine alarms. |
Downtime reasons
| Role | Name | Description |
|---|---|---|
| Machines.DowntimeReasons.Write | Manage machine downtime reasons | Members can manage downtime reasons |
Sustainability
| Role | Name | Description |
|---|---|---|
| Iot.Admin | IOT Admin | Configure LogBoxes (power consumption tracking). |
Resource Capacity and Targets
| Role | Name | Description |
|---|---|---|
| Resources.Capacity.Write | Manage resource capacities and targets | Members can update resource capacities and targets |
| Resources.Target.Write | Manage resource targets | Members can update resource targets (but not capacities) |
Machine Capacity and Targets
| Role | Name | Description | Note |
|---|---|---|---|
| Machines.Capacity.Write | Manage machine capacities and targets | Members can update machine capacities and targets | ℹ️ Deprecated: Use the roles in Resource Capacity and Targets instead. |
Recommended role setups for Pulse
Here’s a table with recommended role setups based on workplace roles. These are only recommendations, and your setup may vary. Some roles have multiple options. See the tables above for role descriptions.
| Workplace role | Recommended Entra ID roles | Description |
|---|---|---|
| Operators | Alarms.Read | |
| Superusers | Option A | Choose Option A or B depending on the level of control required. |
| Managers | Alarms.Read | |
| Admins | Admin | Admin users implicitly have all of the roles available in the ignos.io platform (full access). |
Engage
| Role | Name | Description |
|---|---|---|
| Mes.Operator | MES Operator | Manufacturing execution system access for operators. |
| Mes.Reader | MES Reader | Manufacturing execution system access for readers only. |
Keep
| Role | Name | Description |
|---|---|---|
| Keep.Operator | Keep Operator | Operators can do everything except managing machines and communication settings. |
| Keep.Admin | Keep Admin | Admins can manage machines and communication settings. |
Inspect
Measurement Forms
| Role | Name | Description |
|---|---|---|
| MeasurementForms.Operator | Measurement Forms Operator | Operators have the ability to read form instances and log measurements. |
| MeasurementForms.InstanceAdmin | Measurement Forms Instance Admin | Operator permissions, CMM actions, view Schemas, and ability to create, delete, or complete Instances before they reach full progress. |
| Supplier.Admin | Supplier Admin | Lets the user administrate suppliers. Must be combined with one of the roles above. |
| MeasurementForms.Admin | Measurement Forms Admin | Gives access to everything in the measurement forms app. |
| QC.Admin | QC Admin | This is a combination of MeasurementForms.Admin and MeasuringTools.Admin. |
Measuring Tools
Read access is available to all users when the app is enabled and does not require any role.
| Role | Name | Description |
|---|---|---|
| MeasuringTools.Admin | Measuring Tools Admin | Manage measuring tools, calibrations, tool types, whitelists, import etc. |
| QC.Admin | QC Admin | This is a combination of MeasurementForms.Admin and MeasuringTools.Admin. |
Recommended role setups for Inspect
Here’s a table with recommended role setups based on workplace roles. These are only recommendations, and your setup may vary. Some roles have multiple options. See the tables above for role descriptions.
| Workplace role | Recommended Entra ID roles | Description |
|---|---|---|
| Operators | MeasurementForms.Operator | |
| Superusers | Option A | Choose Option A, B or C depending on the level of control required. |
| Managers | Option A | Choose Option A or B depending on the level of control required. |
| QC Personnel | QC.Admin | See also the recommendations above if you'd like a more restricted level of access. |
| Admins | Admin | Admin users implicitly have all of the roles available in the ignos.io platform (full access). |
Move
| Role | Name | Description |
|---|---|---|
| Move.User | Move user | Can only view within the Admin and Driver modules |
| Move.Driver | Move driver | Can only view within the Admin module |
| Move.Admin | Move admin | Has no limitations |
MRB
| Role | Name | Description |
|---|---|---|
| Mrb.Trace | Mrb Trace | Users with this role are allowed to trace work orders. |
| Mrb.DocumentController | Mrb Document Controller | Document controllers can maintain MRB templates and create MRBs. |
| Mrb.DataManager | Mrb Data Manager | Users with this role can maintain document types |
Workspace
| Role | Name | Description |
|---|---|---|
| Workspace.Admin | Workspace Admin | Allows customer wide workspace administration. |
Other
| Role | Name | Description |
|---|---|---|
| Erp | Erp data access | Enables the user to write ERP data. |
| Integration | Integration | Intended for applications and integrations. |
| Admin | Admin | Admin users implicitly have all of the roles above (full access). |
| Operations.Monitor | Operations Monitor | Users that need to see service/operations data for machines. Gives access to the health dashboard. |
| Machines.Groups.Write | Manage Machine Groups | Writers have the ability to create, update and delete machine groups. |
| ExternalServiceCredentials.Read | External service credentials reader | Gives applications access to read credentials for external services. |
| Mes.CrossCompany | MES Cross Company | Users with this role are allowed to switch between companies. |
Role assignments
The IGNOS enterprise application defines a set of roles which can be assigned to users or groups within your organization, depending on what capabilities you want your users to have.
- Sign in to the Azure Portal as an admin.
- Search for and select Azure Active Directory.
- Under Manage, select Enterprise applications and click on Ignos.
- Under Manage, select Users and groups > Add user/group.
- Select the user(s) or group(s) you want to assign role(s) to.
- Click on the role(s) you want to be assigned to the selected user(s) or group(s).
- Click Assign.
The new roles should be effective within an hour or after the next login.
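
Once roles are assigned, the assignment list can be reviewed against the role tables above for least privilege. The following is an added example, not IGNOS code: it flags deprecated roles, roles already covered by Admin or QC.Admin, and Supplier.Admin held without a companion role. The `(principal, role)` input shape, the sample principals, and the reading that only the two roles listed above Supplier.Admin in its table count as companions are assumptions.

```python
from collections import defaultdict

# Role facts below are taken from the role tables on this page.
DEPRECATED = {"Machines.Capacity.Write"}
# QC.Admin is described as MeasurementForms.Admin plus MeasuringTools.Admin.
IMPLIES = {"QC.Admin": {"MeasurementForms.Admin", "MeasuringTools.Admin"}}
# Supplier.Admin "must be combined with one of the roles above" it (assumed reading).
COMPANIONS = {"Supplier.Admin": {"MeasurementForms.Operator",
                                 "MeasurementForms.InstanceAdmin"}}
FULL_ACCESS = "Admin"  # implicitly holds every other role


def audit(assignments):
    """assignments: iterable of (principal, role) pairs (hypothetical export shape).
    Returns a sorted list of (principal, role, finding) tuples."""
    held = defaultdict(set)
    for principal, role in assignments:
        held[principal].add(role)

    findings = []
    for principal, roles in held.items():
        for role in roles:
            if role in DEPRECATED:
                findings.append((principal, role, "deprecated"))
            if FULL_ACCESS in roles and role != FULL_ACCESS:
                # Admin already grants this role; the extra assignment is noise.
                findings.append((principal, role, "redundant: covered by Admin"))
                continue
            for parent, children in IMPLIES.items():
                if parent in roles and role in children:
                    findings.append((principal, role, f"redundant: covered by {parent}"))
            needed = COMPANIONS.get(role)
            if needed and not (needed & roles):
                findings.append((principal, role, "missing companion role"))
    return sorted(findings)


# Constructed sample assignments (not real tenant data).
SAMPLE = [
    ("ops-group", "Alarms.Read"),
    ("qc-group", "QC.Admin"),
    ("qc-group", "MeasuringTools.Admin"),
    ("alice@example.com", "Admin"),
    ("alice@example.com", "Pulse.Admin"),
    ("bob@example.com", "Supplier.Admin"),
    ("planning-group", "Machines.Capacity.Write"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```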