Azure AD as the CAS and IdP for ThingWorx > Configuring the Central Auth Server – Azure AD
Configuring the Central Auth Server – Azure AD
PTC supports Azure AD as the Central Auth Server (CAS) and the identity provider (IdP) for ThingWorx 9.2, 9.1.4, 9.0.9 and later. The CAS manages the trust relationship between PTC products participating in the SSO framework. The CAS acts as a broker between applications by authorizing user logins, once the user has been authenticated, and by issuing and verifying access tokens that are exchanged between service providers and resource providers.
ThingWorx implements the following elements in the SSO framework:
1. Use SAML assertions to authenticate users.
2. After the user has been authenticated, Azure AD presents the user with a grants approval page where it asks the user to grant permissions for use of data from the resource provider application.
* 
Currently, Azure AD B2B and Azure AD Government are supported. Azure B2C will be supported in a future release.
Before you begin working with Azure AD to configure authentication and authorization, be sure to complete the following lists of prerequisites:
For procedural information about configuring authentication and authorization with Azure AD, see following SSO configuration example: Azure AD as Central Auth Server and Identity Provider
For a demonstration of the Azure AD setup process, see the video below. It walks-through of the steps required to set up SSO for ThingWorx in an environment where Azure AD is both the CAS and the IdP. The focus is on the Azure AD setup steps. The video is about 10 minutes long.
Was this helpful?