Security > Single Sign-on Authentication > Password-Protect H2 Database When SSO Enabled
  
Password-Protect H2 Database When SSO Enabled
If you are using the same H2 database that stores the ThingWorx model data to also store OAuth 2.0 access tokens (grants approvals), then the H2 database needs to be password-protected to guard the grants approval data. For new installations, when ThingWorx creates this database, it references the username and password settings in your sso-settings.json file and uses those values for the database. However, if you are upgrading and have an existing H2 database with model data, then you need to create an H2 database that is password-protected and migrate your ThingWorx model data to this database.
Complete the following steps to password-protect the H2 database:
1. Export your model data and time series/property value data from your existing H2 database.
2. Stop the ThingWorx instance to disable the H2 database.
3. Add the user name and password values to your platform-settings.json file under the PersistenceProviderPackageConfigs setting. The following is an example code snippet:
"PersistenceProviderPackageConfigs": {
"H2PersistenceProviderPackage": {
"ConnectionInformation": {
"username": "your-user-name",
"password": "your-password",
...
4. Add the user name and password values to your sso-settings.json file under the AccessTokenPersistenceSettings settings. The following is an example code snippet:
AccessTokenPersistenceSettings": {
"username": "your-user-name",
"password": "your-password",
5. Enable SSO and continue with your upgrade. ThingWorx creates an H2 database that is password protected based on the credentials defined in your sso-settings.json file.
6. Import your model data into the new password protected H2 database.