Support for SAML 2.0 and OpenID Connect (OIDC) federation protocols to enable centralized Identity and Access Management.

PROBLEM OR NEED TO SOLVE

Current AVEVA System Platform 2023 R2 SP1 authentication mechanisms do not support integration with modern enterprise identity providers using industry-standard federation protocols such as SAML 2.0 or OpenID Connect (OIDC).

Many customers, rely on centralized Identity and Access Management (IAM) platforms (e.g., Okta, Ping Identity) to enforce security policies such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and conditional access.

Without support for standard federation protocols, customers are forced to:

• Maintain separate user accounts within AVEVA systems

• Duplicate identity management efforts

• Lose alignment with corporate security and compliance policies

• Implement non-scalable or insecure workarounds

EXPECTED FUNCTIONALITY

AVEVA should support integration with external Identity Providers (IdPs) through standard federation protocols, specifically:

• SAML 2.0 support

  • Allow configuration of external IdPs using SAML metadata

  • Support SSO login flows via enterprise IdPs

  • Enable role/claim-based access mapping

• OpenID Connect (OIDC) support

  • Support authentication via OIDC-compliant providers

  • Allow configuration using client ID/secret and discovery endpoints

  • Support token-based authentication (ID token, access token)

• General capabilities

  • IdP-agnostic design (not limited to Okta; compatible with Azure AD, Ping, etc.)

  • Support for MFA enforced at the IdP level

  • Centralized user lifecycle management (provisioning/deprovisioning via claims or SCIM if applicable)

  • Seamless SSO experience across AVEVA applications

This enhancement would enable secure, scalable, and standards-based identity integration aligned with modern enterprise IT practices.