Overview
Industrial Edge Hub
Industrial Edge Hub
- Setup
- Operation
  Operation
  - Sign Up
  - Log in and sign out
  - Home
  - Application Provisioning
    Application Provisioning
    
    Hub to Hub transfer
  - Product Management
    Product Management
    
    Overview
  - Library
    Library
    
    Library
    
    Copying an app to IEM instances
    
    Purchasing an app
  - License Management
    License Management
    
    Overview
    
    Purchased licenses
  - IEM Instances
    IEM Instances
    
    IEM Instances
    
    Managing IEM instances
  - Download Software
  - User Management
    User Management
    
    Overview
    
    Inviting a new user
    
    Managing user roles
    
    User roles
  - Hub Settings
    Hub Settings
    
    Overview
    
    Renaming hub display names
  - Notification Settings
  - Switching hub
  - Cancelling an IE Hub Subscription
  - Customer Feedback
Industrial Edge Management
Industrial Edge Management
- IEM Overview
- Setup and operate
  Setup and operate
  - IEM Virtual
    IEM Virtual
    
    Setup
    Setup
    
    General requirements
    
    Setup steps
    
    Download the OVA Package
    
    Deploy the Virtual Machine
    Deploy the Virtual Machine
    
    VMware Workstation
    
    VMware ESXi Server
    
    Provision the IEM Virtual
    
    Operation
    Operation
    
    Network configuration via console
    
    Service & maintenance
    Service & maintenance
    
    Overview
    
    Login
    
    UI
    
    Download log files
    
    Security considerations
  - IEM Cloud
    IEM Cloud
    
    Setup
    Setup
    
    Creating the IEM Cloud Instance
    
    Revealing the initial user passwords
    
    Operation
    Operation
    
    Update
    
    Delete
  - IEM Pro
    IEM Pro
    
    Introduction
    Introduction
    
    Overview
    
    Architecture
    
    General Requirements
    
    Setup
    Setup
    
    Setup Cluster
    Setup Cluster
    
    Using kOps
    Using kOps
    
    Introduction
    
    Prerequisites
    
    Creating pro Cluster
    
    Adjusting created Security Groups
    
    Using minikube
    
    Using Docker Desktop
    
    Using K3s
    
    Using openshift
    
    Deploying IEM Pro
    
    Extensions
    Extensions
    
    Logging & Monitoring
    
    Device Catalog
    
    Uninstalling IEM Pro
    
    Operation
    Operation
    
    Proxy Settings
    
    TLS Certificate
    
    IE Gateway
    
    Monitoring
    
    Planning capacity
    
    Backup & Restore
    Backup & Restore
    
    Industrial Edge Management
    
    Provisioning CLI
    Provisioning CLI
    
    Overview
    
    Installation
    
    Selecting an IEM Pro Instance
    
    Configuration Input
    
    Importing and Exporting Configuration
    
    Configuration Files
    
    Configuration Stored in Cluster
    
    Interaction with Helm CLI
    
    Configure Service Mesh
  - IEM OS (deprecated)
    IEM OS (deprecated)
    
    Setup
    Setup
    
    Setup steps
    
    Downloading the Industrial Edge Management OS
    
    Creating an IEM instance and downloading the configuration file
    
    VMware Workstation
    VMware Workstation
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Oracle VirtualBox
    Oracle VirtualBox
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    VMware ESXi
    VMware ESXi
    
    Creating and configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Configuring the Industrial Edge Management
    
    Activating & Installing the Industrial Edge Management
    Activating & Installing the Industrial Edge Management
    
    Activating the Industrial Edge Management
    
    Installing the Industrial Edge Management
    
    Settings
    Settings
    
    Settings
    
    Editing network settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading system logs
    
    Adding an NTP server
    
    Certificate requirements
    
    Installing configurators
    
    Adding a relay server
    
    Operation
    Operation
    
    Overview
    
    Sign up
    
    Log in
    
    Reset password
    
    Home
    Home
    
    Home
    
    User profile
    
    Storage Manager service
    
    Catalog
    
    Statistics
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    Settings
    Settings
    
    Settings
    
    Alerts
    
    Configuration
    
    Connectivity
    
    Storage
    Storage
    
    Storage
    
    Adding additional storage to the IEM
    Adding additional storage to the IEM
    
    IEM
    
    Oracle
    
    VMWare
    
    VMWare esxi
    
    System
    System
    
    System
    
    Adding and editing NTP servers
    
    Members
    
    Backup and restore
    Backup and restore
    
    Creating a backup of the IEM OS
    Creating a backup of the IEM OS
    
    via VM Workstation
    
    via Oracle
    
    Restoring the IEM OS from a backup
    Restoring the IEM OS from a backup
    
    via VM Workstation
    
    via Oracle
    
    Industrial Edge Management Services
    Industrial Edge Management Services
    
    Overview
    
    Service to Backup & Restore Edge Devices
    Service to Backup & Restore Edge Devices
    
    Overview
    
    Installation
    
    Update
    
    Configuration
    Configuration
    
    Configuration
    
    Storage size
    
    Monitoring service
    
    Backup devices
    
    Restore devices
    
    Compatibility
- Utilize
  Utilize
  - Launchpad
  - Navigation
    Navigation
    
    Top navigation
    
    Sign up & Navigation (Previous design)
    Sign up & Navigation (Previous design)
    
    Sign up
    
    Log in and sign out
    
    Reset password
    
    Home page
    
    Certificate Management
    Certificate Management
    
    Types of certificates
    
    Overview
    
    Communication relations
    
    Secure connections to the IEM
    Secure connections to the IEM
    
    Overview
    
    Importing certificates to the internet browser
    
    Alerts
    
    User profile
    
    Navigation
  - Homepage
    Homepage
    
    Discover a new experience
  - Applications
    Applications
    
    Management Applications
    
    Pre-Provisioned Applications
    
    Device Applications
    
    Install Device Applications
    
    Catalog (Previous design)
    Catalog (Previous design)
    
    Overview
    
    Importing Edge Apps
    
    Installing an app from the catalog
    
    My Installed Apps (Previous design)
    My Installed Apps (Previous design)
    
    Overview
    
    Managing an app
    
    Scheduling an app job
  - Devices
    Devices
    
    Device overview
    
    Device onboarding
    Device onboarding
    
    Overview
    
    Device configuration
    
    Device onboarding
    
    Device configuration (legacy user interface)
    Device configuration (legacy user interface)
    
    Creating the Edge Device configuration file
    
    New Edge Device - Parameters
    
    Layer 2 network access
    
    Configuring a Layer 2 network access
    
    Settings
    Settings
    
    Editing network and Layer 2 network access settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading logs
    
    Adding an NTP Server
    
    Secure Connection
    
    Device details
    Device details
    
    Details
    
    Settings
    Settings
    
    Memory limit check
    
    Certificate
    
    Streaming logs
    
    Logging
    Logging
    
    Overview
    
    Editing log settings
    
    Device logs
    
    Application logs
    
    Backup & Restore
    Backup & Restore
    
    Configuration
    
    Backup devices
    
    Restore devices
    
    Compatibility
    
    Monitoring Service
    
    Identity federation
    Identity federation
    
    Configuration
    
    Known Issues
    
    Edge Devices (Previous design)
    Edge Devices (Previous design)
    
    Overview
    
    Managing labels
    
    Checking statistics
    
    Removing an Edge Device
    
    Adding tags
    
    Downloading IEM CA certificate
    
    Managing logs
    
    Importing certificates
    
    Enabling and disabling remote access
    
    Storing an Edge Device state
    
    Restoring an Edge Device state
    
    Edge Device system commands
    Edge Device system commands
    
    Edge Device system commands
    
    Updating an Edge Device
    
    Storing multiple Edge Device states
    
    Restoring IED states of multiple Edge Devices
  - Data Connection
    Data Connection
    
    Overview
    
    Apps for Data Connection
    
    UI of Data Connections
  - App Projects (Previous design)
    App Projects (Previous design)
    
    Overview
    
    Authorized Apps
    Authorized Apps
    
    Overview
    
    Joining other projects
    
    Creating a project
    
    Editing a project
    
    Creating an app
    Creating an app
    
    Creating an app
    
    Creating an app - Parameters
    
    Assigning labels
    
    Enabling the external configurator
    
    App details
    
    App configurations
    App configurations
    
    Creating configurations
    
    Available app configurations
    
    Versioned configuration files
    
    Template based configurations
    
    File upload configurations
    
    Add configuration to app - Parameters
    
    IE Application Configuration Service
    IE Application Configuration Service
    
    Overview
    
    Installing the IE App Configuration Service manually
    
    Integration of the IE Acs compatible app configurations
    
    Downloading and checking app configuration
    
    Installing an app from my projects
    Installing an app from my projects
    
    Installing an app from my projects
    
    Installing an app via the IE ACS
    
    Updating an app configuration via the IE ACS
    
    Privileged and network mode
    
    Updating Edge Apps via the IE App Publisher
    Updating Edge Apps via the IE App Publisher
    
    Updating an Edge App
    
    Importing an Edge App to the IE App Publisher
    
    Uploading an Edge App to the IEM
  - User Management (Previous design)
    User Management (Previous design)
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    My Admin Groups
    My Admin Groups
    
    Overview
    
    Creating and editing an admin group
    
    Roles
    
    Adding an Edge Device
    
    Inviting Members
    
    Joining other groups
    
    Removing and checking Edge Devices
  - Job status (Previous design)
    Job status (Previous design)
    
    Overview
  - Admin Management
    Admin Management
    
    Overview
    
    Dashboard
    
    Edge Devices
    Edge Devices
    
    Edge Devices
    
    Downloading logs
    
    Submitted apps
    Submitted apps
    
    Submitted apps
    
    Unpublishing apps
    
    Deleting apps
    
    Registered Users
    Registered Users
    
    Registered Users
    
    Transfer IEM access
    
    Manage Roles
    Manage Roles
    
    Manage Roles
    
    Creating a role
    
    My Admin Groups
    My Admin Groups
    
    My Admin Groups
    
    Creating an admin group
    
    Inviting members to an admin group
    
    Settings
    
    Security
    
    Device Catalog
    
    Licenses
    Licenses
    
    License Management in IEM Virtual / Pro / Cloud
    
    License Management in IEM OS (deprecated)
    License Management in IEM OS (deprecated)
    
    IE Licensing Service
    
    Creating and sending license report to IE Hub
    
    Installing the IE Licensing Service
  - Platform settings
  - Identity and Access Management
    Identity and Access Management
    
    Overview of IAM
    
    Authorization concept
    
    User management
    
    Security
    
    Adding identity provider Adding identity provider
    Table of contents
    
    Prerequisites
    
    Assign manage-identity-providers role to a user
    
    Via OIDC
    
    Via SAML
    
    Clients
    
    Guides
    Guides
    
    Verify users email address
    
    Known issues
    
    Technical overview
    
    Known issues
    
    Best practices
Industrial Edge Device
Industrial Edge Device
- Setup and operate
  Setup and operate
- Utilize
  Utilize
  - Apps
  - Management
  - Statistics
  - Certificate Management
    Certificate Management
    
    Overview
    
    Manage IED Gateway Certificates
    
    Manage Certificate Trust Store
  - App Developer Mode
    App Developer Mode
    
    Overview
    
    Advanced View
  - Identity And Access Management
    Identity And Access Management
    
    Roles
  - My User Groups
    My User Groups
    
    Overview
    
    Creating and editing a group
    
    Roles
    
    Adding apps
    
    Inviting users
    
    Inviting registered Users
  - Catalog
  - Settings
    Settings
    
    Configuration
    
    Connectivity
    Connectivity
    
    Network and Layer 2 network access
    
    Proxy settings
    
    Docker network settings
    
    Registered ports
    
    System
    System
    
    System
    
    Enabling app developer mode
    
    Members
    
    Registered users
    
    Logging & Monitoring
    Logging & Monitoring
    
    Overview
    
    Stream based Logging
    Stream based Logging
    
    Metrics Service overview
    
    Destination
    Destination
    
    Management
    
    Specs
    
    Examples
    
    Creating metrics configuration
    
    Export & Import configuration
    
    Global Settings & Limitations
    
    Metrics data
    
    Prometheus Support
    
    File based Logging
    
    Resource Manager
  - Edge Device Notifications
  - Storage manager service
  - Audit Event
Security
Security
- General Data Protection Regulation (GDPR)
- System Overview
- Certificates
- Operational environment - Example
- Contacted domain names
- IP protocols and ports
- Industrial Edge components - Security measures
  Industrial Edge components - Security measures
- Setup guidelines and recommendations
  Setup guidelines and recommendations
  - Setup guidelines and recommendations
  - General recommendations
  - Network security and segmentation
  - Identity and access management
  - Secure channels and encryption
  - Security logging and monitoring
  - Backup and restore
  - Attack Surface Reduction
  - Patch management
    Patch management
    
    Overview
    
    Information on updates
    
    Patch management
  - Malware protection
  - Secure app development
  - App security
Updates & Migrations
Updates & Migrations
- Overview
- Updating the IEM Pro
- Updating the IEM Virtual
- Updating the IEM Cloud
- Updating the IEM OS (end-of-life)
  Updating the IEM OS (end-of-life)
- Updating Configurators (end-of-life)
- Updating Device Applications
- Updating Edge Devices
- Relocating Edge Devices
- Migrate to Management Apps
Support

Adding Identity Provider¶

Prerequisites¶

User with access to IAM (a.k.a. Keycloak)
User in Keycloak with the Role manage-identity-providers (see Assign manage-identity-providers role)

Assign `manage-identity-providers` role to a user¶

Go to the IEM url and log in using the customer_admin user, or any existing users with access to IAM:

https://<IEM-IP or HOSTNAME>
Once logged-in select the Identity & Access Management tile in the launchpad.
Navigate to Users and click on customer_admin
Switch to the Role mapping tab.
Click Assign role and then select in the Filter drop-down Filter by clients
Search and select the realm-management manage-identity-providers Role.
Click Assign.

The respective roles has been assigned to the user.

Via OIDC¶

The following step-by-step instructions describe the process of connecting Keycloak to Auth0 using OIDC as an example. More information on federation with OIDC can be found here.

To connect Keycloak to Auth0 via OIDC, proceed as follows:

Log into Auth0.
In the navigation on the left, navigate to Applications > Applications.
Click Create Application.
Enter a name and select an application type (e.g. Regular Web Applications).
Click Create.

The app is created.
Navigate to the Settings tab, there can be found the information for the following steps, which needs to be copied from Keycloak to Auth0 and vice versa.
Go to the IEM url and log in using the customer_admin user, or any existing users with access to IAM:

https://<IEM-IP or HOSTNAME>
Once logged-in select the Identity & Access Management tile in the launchpad.
In the navigation on the left, navigate to Identity Providers.
From the User-defined section, select OpenID Connect v1.0.
Optionally, enter another name in the Alias input field to clearly identify the identity provider.
Copy and paste the following 2 URLs to Auth0:
- Redirect URl in Keycloak to Allowed Callback URLs in Auth0
- Allowed Web Origins
Copy and paste the Authorization URL from Auth0 to Keycloak under the Discovery Endpoint Field:

13.1 Make sure the Use discovery endpoint is enabled, if Keycloak can access it, it will import the rest of the endpoints and display a green check icon.

13.2 In case the metadata import failed, copy and paste manually the following endpoints from Auth0 to Keycloak
- Authorization URL
- Token URL
- User Info URL (optional)
From the Client Authentication drop-down list in Keycloak, select the same value you set as the Token Endpoint Authentication Method in Auth0.
Copy and paste the Client ID and Client Secret from Auth0 to Keycloak.
Save your application settings in Auth0 and the identity provider settings in Keycloak.

The login option has been added to the login page.

Via SAML¶

The following step-by-step instructions describe the process of connecting Keycloak to Auth0 using SAML as an example. More information about federation with SAML can be found here.

To connect Keycloak to Auth0 via SAML, proceed as follows:

Log into Auth0.
In the navigation on the left, navigate to Applications > Applications.
Click Create Application.
Enter a name and select an application type (e.g. Regular Web Applications).
Click Create.

The app is created.
Go to the IEM url and log in using the customer_admin user, or any existing users with access to IAM:

https://<IEM-IP or HOSTNAME>
Once logged-in select the Identity & Access Management tile in the launchpad.
In the navigation on the left, navigate to Identity Providers.
From the User-defined section, select SAML v2.0.
Copy the Open IDP Config URL and paste it into SAML entity descriptor.
Copy and paste the following 2 URLs to Auth0:
- Redirect URl in Keycloak to Allowed Callback URLs in Auth0
- Allowed Web Origins
Save your application settings in Auth0 and the identity provider settings in Keycloak.

The login option has been added to the login page.