Configure ThingWorx for SSO
1. Before beginning to configure ThingWorx for SSO, stop the ThingWorx server.
This step is applicable to SAML authentication only. For OIDC authentication, proceed to step 3.
◦ In
Add the IdP Metadata File – Copy the sso-idp-metadata.xml file into the <ThingWorx Installation Folder>/ThingworxPlatform/ssoSecurityConfig folder. This file is the Federation Metadata XML certificate you downloaded and renamed during creation of the enterprise application in Microsoft Entra ID. For information about this certificate, see Create an Enterprise Application in Microsoft Entra ID and expand Step 3 – SAML Signing Certificate.
3. Generate a JKS keystore file with the name sso-keystore.jks and save it in the ssoSecurityConfig folder. Generate a key pair and specify the common name of the certificate as ThingWorx. Note the following:
◦ The key/name pair should be used where the keyStoreKey value is required.
◦ The password that was set for the sso-keystore.jks file should be used where the keyStoreKeyPass value is required.
4. Import the Microsoft Entra ID Signing certificate into sso-keystore.jks. This certificate is the Certificate (Raw) that you downloaded during creation of the enterprise application in Microsoft Entra ID. For information about this certificate, see Create an Enterprise Application in Microsoft Entra ID and expand Step 3 – SAML Signing Certificate.
5. Copy the updated sso-keystore.jks file to the <ThingWorx Installation Folder>/ThingworxPlatform/ssoSecurityConfig folder.
6. Start the ThingWorx server.
7. Verify that the Microsoft Entra ID authentication has been configured properly by using the appropriate credentials to log in to ThingWorx Composer as the Administrator user.
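Steps 3 to 5 carried out with the JDK keytool on a Linux host, as an added example that is not part of the original page or the vendor's own tooling. The aliases thingworx-sso and entra-signing, the RSA 2048 key, the 730-day validity and the SSO_KS_PASS environment variable are assumptions; the password is passed with the :env modifier so that it does not appear in the process list.

```shell
#!/bin/sh
# Added example: steps 3-5 with the JDK keytool. Aliases, key parameters and
# the SSO_KS_PASS variable are assumptions, not values from the product docs.
KEY_ALIAS="${KEY_ALIAS:-thingworx-sso}"   # assumed alias (used as keyStoreKey)
IDP_ALIAS="${IDP_ALIAS:-entra-signing}"   # assumed alias for the Entra ID cert

# Step 3: create sso-keystore.jks with a key pair whose CN is ThingWorx.
# The store/key password is read from $SSO_KS_PASS, never from argv.
create_sso_keystore() {   # $1 = output directory
    keytool -genkeypair -alias "$KEY_ALIAS" -keyalg RSA -keysize 2048 \
        -validity 730 -dname "CN=ThingWorx" -storetype JKS \
        -keystore "$1/sso-keystore.jks" \
        -storepass:env SSO_KS_PASS -keypass:env SSO_KS_PASS
}

# Step 4: import the downloaded "Certificate (Raw)" as a trusted entry.
import_idp_cert() {       # $1 = keystore directory, $2 = certificate file
    keytool -importcert -noprompt -alias "$IDP_ALIAS" -file "$2" \
        -keystore "$1/sso-keystore.jks" -storepass:env SSO_KS_PASS
}

# Step 5 check (SAML setup): both files are present and non-empty, and the
# keystore grants nothing to group/other. Prints one line per problem found.
check_sso_dir() {         # $1 = ssoSecurityConfig directory
    rc=0
    for f in sso-idp-metadata.xml sso-keystore.jks; do
        [ -s "$1/$f" ] || { echo "missing or empty: $f"; rc=1; }
    done
    if [ -e "$1/sso-keystore.jks" ]; then
        # characters 5-10 of the mode string are the group and other bits
        perms=$(ls -l "$1/sso-keystore.jks" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "keystore mode too open: $perms"; rc=1; }
    fi
    return $rc
}
```

Running check_sso_dir against the ssoSecurityConfig folder before step 6 catches a missing metadata file or a keystore that other local accounts can read.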