Configuring the Central Auth Server – Microsoft Entra ID
PTC supports Microsoft Entra ID as the Central Auth Server (CAS) and the identity provider (IdP) for ThingWorx 9.2, 9.1.4, 9.0.9 and later. The CAS manages the trust relationship between PTC products participating in the SSO framework. The CAS acts as a broker between applications by authorizing user logins, once the user has been authenticated, and by issuing and verifying access tokens that are exchanged between service providers and resource servers.
ThingWorx implements the following elements in the SSO framework:
1. Use SAML or OIDC assertions to authenticate users.
2. After the user has been authenticated, Microsoft Entra ID presents the user with a grants approval page where it asks the user to grant permissions for use of data from the resource server application.
Before you begin working with Microsoft Entra ID to configure authentication and authorization, be sure to complete the following lists of prerequisites:
For a demonstration of the Microsoft Entra ID setup process, see the video below. It walks-through of the steps required to set up SSO for ThingWorx in an environment where Microsoft Entra ID is both the CAS and the IdP. The focus is on the Microsoft Entra ID setup steps. The video is about 10 minutes long.
In this video, Microsoft Entra ID is mentioned as Azure AD, its former product name.