Microsoft Entra ID as the CAS and IdP for ThingWorx > Example: Microsoft Entra ID as Central Auth Server and Identity Provider > Configuring Authorization with Microsoft Entra ID with ThingWorx as a Resource Server or a Different Application as a Resource Server
Configuring Authorization with Microsoft Entra ID with ThingWorx as a Resource Server or a Different Application as a Resource Server
This example provides detailed steps on how to configure authorization in an SSO environment that has ThingWorx configured for single sign-on with Microsoft Entra ID as both the Central Auth Server (CAS) and as the Identity Provider (IdP).
It also provides instructions on how to configure ThingWorx to act as a Resource Server or how to configure any other application to act as a resource server to ThingWorx application.
* 
In the next sections, there is a differentiation done between the steps related to ThingWorx as Resource Server or other application as Resource Server.
* 
You can choose to configure ThingWorx as a Resource Server to allow ThingWorx URI requests via OAuth2 protocol. Service Provider may use the response from the Resource Server to render and show the data stored in ThingWorx. ThingWorx as Resource Server is responsible for validating the access token and scopes on each resource request. You may consult the other PTC product administrators and identity provider administrators in your organization to configure other applications that are configured for this purpose.
Authorization Prerequisites
Add a Redirect OAuth URL
Create a Secret Token for ThingWorx
Configure ThingWorx as a Resource Server
Configure an Application Other than ThingWorx as a Resource Server
Was this helpful?