AD FS as the CAS and IdP for ThingWorx > Example: AD FS as Central Auth Server and Identity Provider > Configuring Authorization with AD FS with ThingWorx as Resource Provider or a Different Application than ThingWorx as a Resource Provider
Configuring Authorization with AD FS with ThingWorx as Resource Provider or a Different Application than ThingWorx as a Resource Provider
This example provides detailed steps on how to configure authorization in an SSO environment that has ThingWorx configured for single sign-on with AD FS as both the Central Auth Server (CAS) and as the Identity Provider (IdP).
It also provides instructions on how to configure ThingWorx to act as a Resource Provider or how to configure any other application to act as a Resource Provider to the ThingWorx application.
* 
In the next sections there is a differentiation done between the steps related to ThingWorx as Resource Provider or other application as Resource Provider.
* 
You can configure ThingWorx as a Resource Provider to allow ThingWorx URI requests via OAuth2 protocol. Service providers may use the response from the Resource Provider to render and show data stored in ThingWorx. ThingWorx as a Resource Provider is responsible for validating the access token and scopes on each resource request. You may need to consult with other PTC product administrators and identity provider administrators in your organization to configure other applications that are configured for this purpose.
Authorization Prerequisites
Import the AD FS SSL Certificate
Configure ThingWorx with a Resource Provider in AD FS Application Groups when the Resource Provider is Some Application other than ThingWorx
Update the ThingWorx sso-settings.json Configuration File
Configure ThingWorx as a Resource Provider
Was this helpful?