Configuring the Central Auth Server

AD FS as the CAS and IdP for ThingWorx > Configuring the Central Auth Server – AD FS

Configuring the Central Auth Server – AD FS

PTC supports AD FS as the Central Auth Server (CAS) and the identity provider (IdP) for ThingWorx 9.2, 9.1.4, 9.0.9 and later. The CAS manages the trust relationship between PTC products participating in the SSO framework. The CAS acts as a broker between applications by authorizing user logins, once the user has been authenticated, and by issuing and verifying access tokens that are exchanged between service providers and resource servers.

ThingWorx implements the following elements in the SSO framework:

1. Use SAML assertions to authenticate users.

2. AD FS uses a model of administrator consent on behalf of users. After users are authenticated, they are not prompted by a grants approval page for consent when accessing resources.

Before you begin working with AD FS to configure authentication and authorization, be sure to complete the following lists of prerequisites:

• Authentication Prerequisites

• Authorization Prerequisites

For procedural information about configuring authentication and authorization with AD FS, see following SSO configuration example: AD FS as Central Auth Server and Identity Provider

For a demonstration of the AD FS setup process, see the video below. It walks-through of the steps required to set up SSO for ThingWorx in an environment where AD FS is both the CAS and the IdP. The focus is on the AD FS setup steps. The video is about 12 minutes long.

Was this helpful?