Configure ThingWorx as a Resource Provider
If you are configuring your ThingWorx application to also serve as a Resource Provider, complete the procedures in the steps below.
Step 1: Add an Additional Identifier to ThingWorx
1. In the Azure AD portal, navigate to Enterprise applications and select your enterprise application.
2. From the Manage menu, click Single sign-on and in the Basic SAML Configuration section, click Edit.
add identifier
3. In the Basic SAML configuration window, add a new identifier. The identifier must include the prefix api:// and then the Enterprise Application ID of the ThingWorx application that will act as the Resource Provider.
new identifier
4. Click Save.
Step 2: Create and Expose a Scope in ThingWorx – When ThingWorx is the Resource Provider
1. In the Azure AD portal, under the Manage menu, select App registrations.
2. From All applications, select your ThingWorx application.
3. Under the Manage menu, select Expose an API.
4. Click Add a scope.
5. In the Add a scope pop-up window, add the scope details and click Add scope.
Step 3: Add the Exposed ThingWorx Scope to the Client Application
1. In the Azure AD portal, under the Manage menu, select App registrations.
2. From All applications, select your client application.
3. Under the Manage menu, click API permissions.
4. Click Add a permission. A popup window opens.
5. Click APIs my organization uses and select your ThingWorx Resource Provider application.
6. In the Request API permissions popup window, under Select permissions, select the exposed scopes of your ThingWorx Resource Provider.
7. Click Add permission.
The Configured Permissions list is updated to show the added permissions.
request permissions
Step 4: Import the Client Application SSL Certificate
Import the SSL certificate of the client application into the Java cacerts file of the ThingWorx Resource Provider server.
Was this helpful?