• Welcome to the PTC Identity and Access Management Help Center
• Single Sign-on Overview
• Compatibility Matrix
• PingFederate as the Central Auth Server
  • Configuring the Central Auth Server – PingFederate
    • Installing PingFederate
    • Upgrading PingFederate
    • Configuring Authentication for Third-Party IdPs Manually
      • Configure the SSL Certificate for PingFederate
      • Configure PingFederate to Redirect User Login Requests to your IdP
      • Create Service Provider Connections for PTC Products
      • Configure the SSL Certificate for Application Layer Encryption and Signing
      • Create OAuth Clients for PTC Products
        • Creating OAuth Client Connection for ThingWorx
        • Creating OAuth Client Connections for Windchill
        • Creating OAuth Client Connection for Windchill RV&S as Resource Provider
        • Creating OAuth Client Connection for Arbortext Content Delivery
    • Configuring PingFederate as the Central Auth Server Automatically
      • Before you Run the Automation Scripts
        • Set User Properties
        • Review Default Properties
      • Run the Automation Scripts
      • Use the Generated Artifacts
  • Managing Scopes in Delegated Authorization
    • Register Scopes in the Central Auth Server
    • Registering Scopes in PTC Products
  • Examples of SSO Configurations
    • Example: PingFederate as the Identity Provider and Windchill DS as the Data Store
    • Example: Implementing SCIM with PingFederate as the Central Auth Server, ADFS as the Identity Provider, and Windchill as the Resource Provider
    • Example: Windchill SSO Implementation with PingFederate as Broker
• Azure AD as the CAS and IdP for ThingWorx
  • Configuring the Central Auth Server – Azure AD
  • Example: Azure AD as Central Auth Server and Identity Provider
    • Configuring Authentication with Azure AD
      • Authentication Prerequisites
      • Create or Invite Users in Azure AD
      • Create an Administrator User
      • Create an Enterprise Application in Azure AD
      • Configure User Assignment Properties in Azure AD
      • Configure ThingWorx for SSO
      • Provisioning Additional User Properties into ThingWorx
      • Creating, Mapping, and Using Groups
    • Configuring Authorization with Azure AD with ThingWorx as a Resource Provider or a Different Application as a Resource Provider
      • Authorization Prerequisites
      • Add a Redirect OAuth URL
      • Create a Secret Token for ThingWorx
      • Configure ThingWorx as a Resource Provider
        • Configure the resourceServerSetting.json File
      • Configure ThingWorx to Integrate with other Resource Providers
        • Update the ThingWorx sso-settings.json Configuration File (not required for ThingWorx application as Resource Provider)
        • Configure ThingWorx to Work with the Resource Provider
        • Validate Configuration and Grant Page
• Azure AD as the CAS and IdP for Windchill
  • Configuring the Central Auth Server – Azure AD
  • Example: Azure AD as Central Auth Server and Identity Provider
    • Configuring Authentication with Azure AD
      • Authentication Prerequisites
      • Create or Invite Users in Azure AD
      • Create an Administrator User
      • Create an Enterprise Application in Azure AD
      • Configure User Assignment Properties in Azure AD
    • Configuring Authorization with Azure AD
      • Authorization Prerequisites
      • Add a Redirect OAuth URL
      • Create a Secret Token for Windchill
      • Add the Exposed Scope of the Resource Provider to the API Permissions
      • Update the Windchill Configuration File
      • Validate Configuration and Grant Page
• AD FS as the CAS and IdP for ThingWorx
  • Configuring the Central Auth Server – AD FS
  • Example: AD FS as Central Auth Server and Identity Provider
    • Configuring Authentication with AD FS
      • Authentication Prerequisites
      • Create an Administrator User
      • Export the AD FS Signing Certificate
      • Add Relying Party Trusts
      • Create and Import the ThingWorx Signing Certificate
      • Add Attributes Mapping to the Relying Party Trust
      • Set up AD FS to Encrypt the Complete Message and Assertion
      • Configure ThingWorx for SSO
      • Provisioning Additional User Properties into ThingWorx
      • Mapping and Using Groups
    • Configuring Authorization with AD FS with ThingWorx as Resource Provider or a Different Application than ThingWorx as a Resource Provider
      • Authorization Prerequisites
      • Import the AD FS SSL Certificate
      • Configure a Client Application with ThingWorx as a Resource Provider in AD FS Application Groups
        • Configure the resourceServerSettings.json File
      • Configure ThingWorx with a Resource Provider in AD FS Application Groups when the Resource Provider is an Application other than ThingWorx
        • Update the sso-settings.json ThingWorx Configuration File
        • Configure ThingWorx to Work with the Resource Provider
        • Validate that ThingWorx is Working with the Configured Resource Provider