Security > Single Sign-on Authentication > Configure ThingWorx for Single Sign-On > Create the symmetric Folder
  
Create the symmetric Folder
For greater security, you can encrypt access tokens before they are persisted. When a user logs in, an access token is created and associated with the user session. During the token generation process, you can ensure that encryption occurs in the token generation process before the token is created. To do this, create the symmetric folder under the ssoSecurityConfig directory.
Create a metafile in this directory with the following code snippet:
{
"name": "SAM",
"type": "AES",
"encrypted": false,
"purpose": "DECRYPT_AND_ENCRYPT",
"versions": [
{
"versionNumber": 1,
"status": "PRIMARY",
"exportable": false
}
]
}
* 
Set this file path as the value of the keyczarKeyFolderPath parameter in the sso-settings.json file. In this case, when you configure the sso-settings.json file, you must set the encryptTokenInDatabase setting to true.
Additional information about the values in the metafile and creating a Keyczar file can be found at the following industry community pages:
https://github.com/google/keyczar/wiki/KeyMetadata
https://github.com/google/keyczar/wiki/KeyczarTool