In CitectSCADA you have the ability to incorporate CitectSCADA users and security options with the standard Windows security system. You can still use the existing CitectSCADA security if you prefer to define users in the project and logon to CitectSCADA runtime.
Using the integrated Windows security feature, the Windows user can logon to CitectSCADA runtime with runtime privileges and areas configured within the project. For a Windows user to be able to logon to runtime it needs to be linked to a CitectSCADA "Role" which is defined in the project with associated privileges
In order to link a Windows user to a CitectSCADA role add the "Role" that specifies the Windows group of which the Windows user is a member. The SCADA machines have to be added/belong to the domain that has the Windows users.
The pre-existing AutoLogin capability has also been extended to include the client, when the user is a Windows user, having an associated Citect role. In order to invoke this functionality for a Windows user you need to set the [Client]AutoLoginMode parameter in the Citect.ini file.
A CitectSCADA user will always take priority over a Windows user when logging in at runtime if the user is also included as a Windows user. However if a valid CitectSCADA user login does not succeed for some reason, the Windows user credentials will not be checked and an alert will be generated to advise that the login was not effective.
Conceptual diagram of CitectSCADA security and Windows security
Multi Signature support
When a Windows user is logged on to a runtime system with the associated privileges and areas of the role to which the user belongs, there are times when a higher level authorization is necessary for the user to perform certain actions. When this situation occurs the MultiSignatureForm Cicode function can be displayed through Cicode to allow authorization of an operation by another user who has the necessary level of privilege.