Support for Active Directory Federation Services (including two-factor authentication capability) - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0.50

Security Administrator System Technical Bulletin

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0.50
Revision date
2023-06-02

Active Directory Federation Services integration with two-factor authentication is a licensed feature to add ADFS support to the Metasys Server. ADFS is a single sign-on solution developed by Microsoft®. Use ADFS to provide two-factor authentication for access to Metasys. ADFS helps prevent unauthorized access to Metasys, which, if not prevented, could result in data, financial, and reputational loss, system disruption, and other negative consequences.

Note: ADFS is only available in Metasys UI on non-MVE sites. It is not available for Metasys UI on MVE sites and is not available for JCT, Metasys SMP, or SCT. The ADFS single sign-on and multi-factor authentication are configured on the customer's ADFS system.

Keep Me Signed In (KMSI) provides users with a login assurance that persists beyond the current session. KMSI provides a user with a 24-hour cookie that allows for logins to persist across browser sessions for up to one day.

Table 1. Active Directory Federation Services

Application

ADFS login supported

KMSI on ADFS server

Two-factor Authentication on ADFS server

ADS/ADX Site Management Portal UI

No

No

No

SCT

No

No

No

Metasys UI for non-MVE Metasys Servers (ADS/ADX, OAS)

Yes

Yes

Yes

Johnson Controls System Configuration Tool (JCT)

No

No

No

Metasys Advanced Reporting System

NA

NA

NA

Network Engine

No

No

No

Metasys for Validated Environments SMP UI and Metasys UI

No

No

No