Provisioning Additional User Properties into ThingWorx

AD FS as the CAS and IdP for ThingWorx > Example: AD FS as Central Auth Server and Identity Provider > Configuring Authentication with AD FS > Provisioning Additional User Properties into ThingWorx

The LDAP attributes that you mapped to the Relying Party Trust can be mapped to one of the existing ThingWorx User Extension fields.

If you need to add additional LDAP attributes to the Relying Party Trust in AD FS, use the Edit Claim Issuance Policy action. In the table, add the respective LDAP Attributes and Outgoing Claim Types values of the attributes you want to include.

For more information, see the table of LDAP attributes in Add Attributes Mapping to the Relying Party Trust.

To perform the mapping, follow the steps below.

1. In ThingWorx Composer, under the Security section of the left navigation panel, click Authenticators and open the ThingworxSSOAuthenticator. For more information, see Single Sign-On Authenticator in the ThingWorx Help Center.

2. On the Configuration tab, scroll down to the User Extension Provision Names section, and click Add. The UserExtensionProvisionNames popup window opens.

3. Enter the required information in the popup window. In the Identity Provider Attribute, enter the Metadata Attribute Name that corresponds to the LDAP attribute, as displayed in the table of LDAP attributes in Add Attributes Mapping to the Relying Party Trust.

The image below is an example of emailAddress mapping.

4. Click Add and then Save to save the configuration.

Was this helpful?