Security > Provisioning > Using SCIM with ThingWorx > SCIM Platform Settings
  
SCIM Platform Settings
Set additional SCIM configuration options in the following files:
platform-settings.json (all users)
sso-settings.json (only users who have configured SSO)
For more information, see Platform Settings and Configure sso-settings.json File.
platform-settings.json
These settings interact with the SCIM subsystem.
"PlatformSettingsConfig": {
"SCIMSettings": {
"enableSCIM": "true",
"autoStart": "false",
"ignorePFTestConnections": "true"
}
}
autoStart
true—The SCIM subsystem starts automatically after a ThingWorx reboot.
false—You must manually start the SCIM subsystem after a reboot.
enableSCIM
true—The SCIM subsystem is enabled at run time within the ThingWorx web application.
false—The SCIM subsystem is disabled at run time within the ThingWorx web application.
ignorePFTestConnections
true—The SCIM subsystem handles PingFederate testing connections.
false—The SCIM subsystem does not handle PingFederate testing connections. You will see wso2 exceptions in the Tomcat console or security log.
sso-settings.json
"SCIMAccessTokenServicesSettings": {
"authScimOAuthClientId": "SCIMClient"
"clientId": "SCIMClient",
"clientSecret": "ABC123_xyz",
"userAuthenticationConverterClassName": "com.ptc.eauth.identity.oauth2.rs.IntrospectionUserAuthenticationConverter",
"checkTokenEndpointUrl": "https://<PingFederate server>/as/introspect.oauth2"
}
* 
The values above are only examples. Your values will be different depending on your setup.
authScimOAuthClientId
The OAuth client ID configured for SCIM.
(Use the value you provided in the CLIENT ID field in Create an OAuth Client for SCIM.)
clientId
The OAuth client ID configured in the CAS used for token services.
(Use the value you provided in the CLIENT ID field in Create an OAuth Client for SCIM.)
clientSecret
The value you provided in the CLIENT SECRET field in Create an OAuth Client for SCIM.
userAuthenticationConverterClassName
The Java class name that is used to convert the Spring Authentication to a local user name.
Currently, the only acceptable value is the following:
com.ptc.eauth.identity.oauth2.rs.IntrospectionUserAuthenticationConverter
* 
This setting is optional. If it is not set, the IntrospectionUserAuthenticationConverter class will be used.
checkTokenEndpointUrl
The fully qualified URL pointing to the OAuth token introspection endpoint.
* 
You can verify the endpoint from the PingFederate Administrative Console. Select OAuth Settings > Authorization Server > InfoOAuth Endpoints.