How to Set Up User Authentication on NJ and NX PLCs
Introduction
This guide is for NJ and NX PLCs with firmware v1.49 or later, or NX701 PLCs with firmware v1.29 or later.
The above PLCs have security enhancements over previous models and firmware versions, one of which is the ability to enable user authentication.
User authentication allows an administrator to set up multiple user accounts on the PLC in order to restrict access to only authorised sources, and to allow those sources to only undertake authorised activities.
Pre-Requisites
Basic Sysmac Studio knowledge.
Basic knowledge of system administration concepts.
Procedure
Step 1
User authentication can be enabled through one of two methods.
- When a new PLC is first powered on and connected online through Sysmac Studio, it will prompt the user to register an administrator user, and ask whether to enable user authentication, as shown in the below image.
- For a PLC that is not fresh out of the box, connect online using Sysmac Studio, open the 'Controller' menu at the top of the window, mouse over 'Security', and select 'Set Up User Account…'. The option to enable user authentication is at the top of the User Account Settings window that appears, as shown in the image below. Note that an administrator user must be registered before user authentication can be enabled. This registration can be performed using the '+' button.
Step 2
Once user authentication is enabled and an administrator is registered, the administrator is able to add additional users with the User Account Settings window (shown in the previous step), or by selecting ‘Set Up User Account…’ from the ‘Controller’ → ‘Security’ menu.
Note that these additional users may have different levels of operation authority over the PLC. The level is set when the user profile is created and may be changed later.
As an alternative to setting up new username and password combinations, passwords can instead be set for levels of operation authority. To enable this, select ‘Setting of Operation Authority’ from the ‘Controller’ → ‘Security’ menu, and check the ‘Enable the verification of operation authority’ box at the top of the pop-up window. This window also allows the password for each level of operation authority to be changed, and determines whether a connection made without a password is given a level of operation authority.
Step 3
If operation lock or password age settings are required, they can also be enabled on this window, and configured as appropriate.
Operation lock refers to a setting where the PLC and Sysmac Studio track inactivity. If the specified time period elapses, the user's password must be entered to continue.
Password age refers to an expiry period for passwords, such that after the specified time period, the password will become invalid. A secondary time period allows for the user to be warned prior to the expiry date that their password is expiring soon and will require changing.
Current password validity periods can be checked by selecting ‘Show user account list’ from the ‘Controller’ → ‘Security’ menu.
It is strongly recommended that if password age is utilised, a battery should be connected to the PLC, and the controller's clock should be set appropriately. Otherwise, the password age setting may not function appropriately.