• Welcome to the PTC Identity and Access Management Help Center
• Single Sign-on Overview
• Compatibility Matrix
• PingFederate as the Central Auth Server
  • Configuring the Central Auth Server – PingFederate
    • Installing PingFederate
    • Upgrading PingFederate
    • Configuring Security Rules
    • Configuring Authentication for Third-Party IdPs Manually
      • Configure the SSL Certificate for PingFederate
      • Configure PingFederate to Redirect User Login Requests to your IdP
      • Create Service Provider Connections for PTC Products
      • Configure the SSL Certificate for Application Layer Encryption and Signing
      • Create OAuth Clients for PTC Products
        • Creating OAuth Client Connection for ThingWorx
        • Creating OAuth Client Connections for Windchill
        • Creating OAuth Client Connection for Windchill RV&S as Resource Server
        • Creating OAuth Client Connection for Arbortext Content Delivery
    • Configuring PingFederate as the Central Auth Server Automatically
      • Before you Run the Automation Scripts
        • Set User Properties
        • Review Default Properties
      • Run the Automation Scripts
      • Use the Generated Artifacts
  • Managing Scopes in Delegated Authorization
    • Register Scopes in the Central Auth Server
    • Registering Scopes in PTC Products
  • Examples of SSO Configurations
    • Example: PingFederate as the Identity Provider and Windchill DS as the Data Store
    • Example: Implementing SSO with PingFederate as the Central Auth Server, AD FS as the Identity Provider, SCIM as the User Provisioning Method, and Windchill as the Resource Server
    • Example: Windchill SSO Implementation with PingFederate as Broker
• Microsoft Entra ID as the CAS and IdP for ThingWorx
  • Configuring the Central Auth Server – Microsoft Entra ID
  • Example: Microsoft Entra ID as Central Auth Server and Identity Provider
    • Configuring Authentication with Microsoft Entra ID
      • Authentication Prerequisites
      • Create or Invite Users in Microsoft Entra ID
      • Create an Administrator User
      • Create an Enterprise Application in Microsoft Entra ID
      • Configure User Assignment Properties in Microsoft Entra ID
      • Configure ThingWorx for SSO
      • Provisioning Additional User Properties into ThingWorx
      • Creating, Mapping, and Using Groups
    • Configuring Authorization with Microsoft Entra ID with ThingWorx as a Resource Server or a Different Application as a Resource Server
      • Authorization Prerequisites
      • Add a Redirect OAuth URL
      • Create a Secret Token for ThingWorx
      • Configure ThingWorx as a Resource Server
      • Configure ThingWorx to Integrate with Other Resource Servers
        • Update the ThingWorx sso-settings.json Configuration File (not required for ThingWorx application as Resource Server)
        • Configure ThingWorx to Work with the Resource Server
        • Validate Configuration and Grant Page
• Microsoft Entra ID as the CAS and IdP for Windchill
  • Configuring the Central Auth Server – Microsoft Entra ID
  • Example: Microsoft Entra ID as Central Auth Server and Identity Provider
    • Configuring Authentication with Microsoft Entra ID
      • Authentication Prerequisites
      • Create or Invite Users in Microsoft Entra ID
      • Create an Administrator User
      • Create an Enterprise Application in Microsoft Entra ID
      • Configure User Assignment Properties in Microsoft Entra ID
    • Configuring Authorization with Microsoft Entra ID
      • Authorization Prerequisites
      • Add a Redirect OAuth URL
      • Create a Secret Token for Windchill
      • Add the Exposed Scope of the Resource Server to the API Permissions
      • Update the Windchill Configuration File
      • Validate Configuration and Grant Page
• Azure AD B2C as the CAS for ThingWorx
  • Configuring the Central Auth Server – Azure AD B2C
  • Example: Azure AD B2C as the Central Auth Server
    • Configuring Authentication with Azure AD B2C
      • Create an Enterprise Application in Microsoft Entra ID
      • Configure Microsoft Entra ID IdP in Azure AD B2C
      • Configure User Flow in Azure AD B2C
      • Register an Application in Azure AD B2C
      • Configure ThingWorx for SSO
      • Creating, Mapping, and Using Groups
    • Configuring Authorization with Azure AD B2C with ThingWorx as a Resource Server
      • Authorization Prerequisites
      • Add a Redirect OAuth URI
      • Create a Secret Token for ThingWorx
      • Configure ThingWorx as a Resource Server
• AD FS as the CAS and IdP for ThingWorx
  • Configuring the Central Auth Server – AD FS
  • Example: AD FS as Central Auth Server and Identity Provider
    • Configuring Authentication with AD FS
      • Authentication Prerequisites
      • Create an Administrator User
      • Export the AD FS Signing Certificate
      • Add Relying Party Trusts
      • Create and Import the ThingWorx Signing Certificate
      • Add Attributes Mapping to the Relying Party Trust
      • Set up AD FS to Encrypt the Complete Message and Assertion
      • Configure ThingWorx for SSO
      • Provisioning Additional User Properties into ThingWorx
      • Mapping and Using Groups
    • Configuring Authorization with AD FS with ThingWorx as Resource Server or a Different Application than ThingWorx as a Resource Server
      • Authorization Prerequisites
      • Import the AD FS SSL Certificate
      • Configure a Client Application with ThingWorx as a Resource Server in AD FS Application Groups
      • Configure ThingWorx with a Resource Server in AD FS Application Groups when the Resource Server is an Application other than ThingWorx
        • Update the sso-settings.json ThingWorx Configuration File
        • Configure ThingWorx to Work with the Resource Server
        • Validate that ThingWorx is Working with the Configured Resource Server