User prototypes

A prototype groups users who share the same permissions and other characteristics. This grouping facilitates setting up system users under the UserService. Customizing the default prototype and creating custom user prototypes simplify user management.

The User Prototypes container is a frozen slot under a station’s UserService. It contains a frozen Default Prototype to support centralized users in the station’s NiagaraNetwork and allows for additional user prototypes that support user synchronization and remote authentication schemes, such as LDAP, Kerberos, and SAML.

Default prototype

This set of user properties is a child component (baja-user) of the User Prototypes container under the UserService. Using the default prototype simplifies user management because its default values populate each new user. For example, the default prototype can configure a set of minimum permissions and a typical Nav file that apply to all users.

The only property value that does not serve as a default when creating a new user is Password.

LDAP and Kerberos support the default user prototype; SAML does not.

User prototypes

These prototypes (also baja-user components) enable network user synchronization. To create this type of prototype, you duplicate the default prototype, give each duplicate a new name, and then modify its properties. You should name duplicate prototypes using descriptive text that can be logically associated with groups of station users, such as AdminHvac, GenOperations, LtgAndAlarms, and so on.

User prototypes appear under the UserService in the Nav tree and on its Property Sheet, but the User Manager view does not list them. Instead, when you add a user, the property Prototype Name provides a list of available prototypes from which to choose.

 NOTE: When you manually add a new user in the User Manager view, the user’s property values default to those of the default prototype regardless of the Prototype Name you choose. The default prototype serves as a template to populate a new user’s properties (all except Password). The Prototype Name applies only when synchronizing users. 

Authentication prototypes

This prototype (baja-UserPrototype) supports remote authentication schemes, including LDAP, Kerberos and SAML.

 NOTE: The SAML authentication scheme supports only the baja-UserPrototype. LDAP and Kerberos support this user prototype as well as the default user prototype.

The properties provided by the baja-UserPrototype are similar to those of the default prototype with some exceptions. An Overridable property prevents a value from being overwritten with a default value at next login.