Create an Enterprise Application in Microsoft Entra ID

Microsoft Entra ID as the CAS and IdP for ThingWorx > Example: Microsoft Entra ID as Central Auth Server and Identity Provider > Configuring Authentication with Microsoft Entra ID > Create an Enterprise Application in Microsoft Entra ID

1. In the Microsoft Azure portal, under the Microsoft Entra ID menu, select the Enterprise applications option.

2. In the page that opens on the right, click New application.

3. In the Browse Microsoft Entra Gallery (Preview) page, click Create your own application.

4. Enter a name for your application, select the Integrate any other application you don’t find in the gallery option, and click Create.

5. On the Overview page, click Set up a single sign on.

6. On the Select a single sign-on method screen, select the SAML option. A Set up Single Sign-On with SAML page with numbered steps opens. In the sections below, complete the detailed steps.

Step 1 – Basic SAML Configuration

1. In step 1 for Basic SAML Configuration, click Edit.

2. In Basic SAML Configuration, enter the following information:

◦ Indentifier (Entity ID) – Will be used as the value of the metadataEntityId in the BasicSettings component of the sso-settings.json file.

◦ Reply URL (Assertion Consumer Service URL) – Should use the following format:

https:/<ThingWorx FQDN>:<port>/Thingworx/saml/SSO

3. Click Save and then close the Basic SAML Configuration. When prompted to test the single sign-on, select No, I’ll test later.

The Set up Single Sign-On with SAML step is redisplayed with the Identifier and Reply URL values entered.

Step 2 – User Attributes & Claims

1. Click Edit in step 2 for User Attributes & Claims.

2. In User Attributes & Claims, click Add new claim.

3. In the Manage claim page, enter the following information:

◦ Name – Enter a UID.

◦ Source – Select the Tranformation option. A Manage transformation pop up window opens.

4. In the Manage transformation window, enter the following information, as shown in the image below:

◦ Transformation – StartWith()

◦ Paramter 1 (Input) – user.userprincipalname

◦ Value – Administrator@

◦ Parameter 2 (Output) – “Administrator”

◦ Specify output if no match – Select the check box.

◦ Parameter 3 (Output if no match) – user.userprincipalname

5. Click Add.

6. Click Save and close the Manage Claim window. When prompted to test the single sign-on, select No, I’ll test later.

The User Attributes & Claims step is redisplayed with the values you just entered.

Step 3 – SAML Signing Certificate

1. In step 3 for SAML Signing Certificate, download the Certificate (Raw), which is the Microsoft Entra ID Public certificate.

2. Download the Federation Metadata XML. When the file is downloaded, rename it to sso-idp-metadata.xml.

Was this helpful?