AD FS as the CAS and IdP for ThingWorx > Example: AD FS as Central Auth Server and Identity Provider > Configuring Authorization with AD FS with ThingWorx as Resource Server or a Different Application than ThingWorx as a Resource Server
Configuring Authorization with AD FS with ThingWorx as Resource Server or a Different Application than ThingWorx as a Resource Server
This example provides detailed steps on how to configure authorization in an SSO environment that has ThingWorx configured for single sign-on with AD FS as both the Central Auth Server (CAS) and as the Identity Provider (IdP).
It also provides instructions on how to configure ThingWorx to act as a Resource Server or how to configure any other application to act as a Resource Server to the ThingWorx application.
* 
In the next sections there is a differentiation done between the steps related to ThingWorx as Resource Server or other application as Resource Server.
* 
You can configure ThingWorx as a Resource Server to allow ThingWorx URI requests via OAuth2 protocol. Service providers may use the response from the Resource Server to render and show data stored in ThingWorx. ThingWorx as a Resource Server is responsible for validating the access token and scopes on each resource request. You may need to consult with other PTC product administrators and identity provider administrators in your organization to configure other applications that are configured for this purpose.
Authorization Prerequisites
Import the AD FS SSL Certificate
Configure ThingWorx with a Resource Server in AD FS Application Groups when the Resource Server is Some Application other than ThingWorx
Update the ThingWorx sso-settings.json Configuration File
Configure ThingWorx as a Resource Server
Was this helpful?