Simatic Logon


This article explains what to order for Simatic Logon and how to get going quickly. A video tutorial link is at the end.

To work in a network with the Windows operating system, computers must belong to a workgroup or a domain. The main difference between these two forms of user administration is the central distribution of resources, such as access to directories, printers, or the Internet, and the ability to manage security settings such as execution rights, access information, or group policies.

In a domain, the domain controller is the server that centrally maintains the security settings and privileges of all user profiles and computer accounts in the domain.


Simatic Logon is the link between the Active Directory controlled by the domain and a WinCC runtime system in its many forms. Ultimately, it is a tool that helps simplify the validation of plants in conformity with FDA 21 CFR Part 11.


Users only have to be created once in the Windows environment, and existing domain or workgroup users can also be used. The following events are logged:

  • User Logon/Logoff

  • User authentication

  • Changing password

  • Electronic signature


There are two main SIMATIC Logon (SL) Licenses:

6ES76587BX610YA0

Simatic Logon Server

For all PCs or servers where Simatic Logon is installed

SIMATIC Logon V1.6, software, single license for 1 installation, R-SW, SW and documentation on CD, license key on USB flash drive, Class A, 7 languages (de, en, fr, it, sp, jp, ch), executable in Windows 7 Ultimate, Windows 10 Enterprise LTSB, Server 2012 R2. Reference HW: PC/PG. Content: Set (1x DVD + 1x USB)

6ES76587BA002YB0

Logon Remote Access (3 clients)

For WinCC Professional panels, or Comfort panels

SIMATIC Logon, software, Remote Access for 3 clients (WinCC flexible from 2007 or WinCC TIA Portal), single license for 1 installation, E-SW, without SW, without documentation, license key on USB flash drive, Class A. Reference HW: PC/PG. Content: 1x USB

An alternative with a quantity of 10 is available too.

Example Network Diagram for Simatic Logon Configuration on Comfort Panel

The alarm buffer of the Comfort Panel, for example, can display connection information for SIMATIC Logon, because system events are visible in the alarm buffer. Using HMI Option+, you can see in the alarm display that the system events report a successful connection to the Simatic Logon server.

SIOS ID# 109754400 Simatic HMI Option+

No. 260039 System event code generated by Comfort Panel showing successful access to Simatic Logon services

Configuration of the Simatic Logon services and User Administration is linked in the settings within TIA Portal. Encryption is available, and an example of the required settings is posted on the SIOS website. This article does not walk through the configuration of these services, but the following link has an FAQ on how to implement the settings.

SIOS ID# 109480490 How do you encrypt the connection between SIMATIC Logon and a Comfort Panel or a WinCC Runtime Advanced?

The Runtime Settings of the panel allow for the configuration of Simatic Logon services in the Comfort Panel

Here's the true squeeze: do not rely on any group name that already exists in a Windows environment for your policy enforcement. For example, you cannot use the group name "Users". This group already exists in Windows for every available account, and Simatic Logon can only enforce one user group at a time. Create custom user groups, and match them with the same user groups in the TIA Portal configuration. Also, provide yourself a way out in case the Simatic Logon services aren't properly connected or functioning. This is often referred to as an Emergency Logon user. The SIOS application example below has specific details on configuring Simatic Logon services for a Comfort Panel, among other WinCC platforms.

SIOS ID# 109738532 User Administration

Configuring users in TIA Portal with naming that matches Active Directory; be sure not to forget the Emergency Local account

Active Directory containing the same users and group assignments as in the TIA Portal configuration

If you install SIMATIC Logon on the Plant Domain Computer then a “Logon_Administrator” group is created automatically. If you do not install SIMATIC Logon on the Domain you need to create the group. The users that will be authorized to configure SIMATIC Logon need to be added as members.
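The group setup described above, as an added PowerShell example (not from the original article or from Siemens): it rejects any planned group name that already exists in the directory, creates the custom groups, and makes sure `Logon_Administrator` exists with the configuring user as a member. The group names `HMI_Operators`, `HMI_Maintenance` and `HMI_Engineers`, the OU path and the account `jdoe` are assumptions, and the ActiveDirectory RSAT module is required.

```powershell
#Requires -Modules ActiveDirectory
# Added example: group names, OU path and account are assumptions, not from the article.
$PlannedGroups = 'HMI_Operators', 'HMI_Maintenance', 'HMI_Engineers'  # must match the TIA Portal group names
$TargetOU      = 'OU=Plant,DC=example,DC=local'                        # placeholder OU
$LogonAdmins   = 'jdoe'                                                # user allowed to configure SIMATIC Logon

function Test-GroupNameFree {
    param([Parameter(Mandatory)][string]$Name)
    # A name that already exists (built-in such as "Users", or created earlier)
    # must not be reused for HMI policy enforcement.
    $existing = Get-ADGroup -Filter "Name -eq '$Name' -or SamAccountName -eq '$Name'" `
                    -Properties isCriticalSystemObject | Select-Object -First 1
    if ($existing) {
        $kind = if ($existing.isCriticalSystemObject) { 'built-in' } else { 'existing' }
        Write-Warning "'$Name' collides with a $kind group: $($existing.DistinguishedName)"
        return $false
    }
    return $true
}

foreach ($name in $PlannedGroups) {
    if (Test-GroupNameFree -Name $name) {
        New-ADGroup -Name $name -SamAccountName $name -GroupScope Global `
            -GroupCategory Security -Path $TargetOU `
            -Description 'WinCC / TIA Portal user group for SIMATIC Logon'
    }
}

# Logon_Administrator is created by the installer only when SIMATIC Logon is
# installed on the domain computer; otherwise create it here.
$adminGroup = Get-ADGroup -Filter "Name -eq 'Logon_Administrator'" | Select-Object -First 1
if (-not $adminGroup) {
    $adminGroup = New-ADGroup -Name 'Logon_Administrator' -SamAccountName 'Logon_Administrator' `
        -GroupScope Global -GroupCategory Security -Path $TargetOU -PassThru
}

# Add only the missing accounts so the script can be re-run safely.
$current = Get-ADGroupMember -Identity $adminGroup | Select-Object -ExpandProperty SamAccountName
$missing = @($LogonAdmins | Where-Object { $_ -notin $current })
if ($missing.Count -gt 0) { Add-ADGroupMember -Identity $adminGroup -Members $missing }

# Print the resulting membership for comparison with the TIA Portal user administration.
Get-ADGroupMember -Identity $adminGroup | Select-Object Name, SamAccountName
```

On a second run, the groups the script created earlier are reported as existing and skipped, which is the intended behaviour.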

Assign administrative rights to access and configure Simatic Logon

Run the Simatic Logon Configuration as an administrator, and log in with the same credentials as the currently logged-in user. Default users and default groups do not have to be a Windows group or user. The user must be a member of Logon_Administrator for this to function correctly.

Launch the interface with "Run as administrator"

For the server, and where it gets the user information, Simatic Logon Server can connect to the working environment in two distinct ways. The "this computer" or work domain setting allows the computer to connect directly to the domain controller or to the local "computers and users" that use the Active Directory. As an alternative, any computer on the network can be selected using "another computer"; this could include a system that doesn't implement an Active Directory but is driven by a workgroup instead.

Used for recording SIMATIC Logon events. Options include filtering events by certain criteria, applying comments, and exporting the log as .CSV, .PDF, or .XML


Simatic Logon with Comfort Panel Video

Simatic Logon using TIA Portal and WinCC Comfort Panel

Helps simplify validation of plants in conformity with FDA 21 CFR Part 11. The video shows how to configure a Comfort Panel to manage user login information with a more centralized management system such as Active Directory. Simatic Logon V1.6, installed as a server, transfers Windows-based user roles and logins to the Comfort Panel and helps satisfy the 21 CFR requirements in a Windows-based environment by storing user management data in a log that is accessible yet cannot be manipulated. The Comfort Panel simply relies on matching group names within TIA Portal for access to the Windows user groups. From there, Simatic Logon checks each user logon against what is available in the Active Directory for the user's role. This allows new users to be added and old users to be removed efficiently in the Windows environment, instead of managing users within TIA Portal.