Azure AD as the CAS and IdP for ThingWorx > Example: Azure AD as Central Auth Server and Identity Provider > Configuring Authorization with Azure AD with ThingWorx as a Resource Provider or a Different Application as a Resource Provider
Configuring Authorization with Azure AD with ThingWorx as a Resource Provider or a Different Application as a Resource Provider
This example provides detailed steps on how to configure authorization in an SSO environment that has ThingWorx configured for single sign-on with Azure AD as both the Central Auth Server (CAS) and as the Identity Provider (IdP).
It also provides instructions on how to configure ThingWorx to act as a Resource Provider or how to configure any other application to act as a resource provider to ThingWorx application.
* 
In the next sections, there is a differentiation done between the steps related to ThingWorx as Resource Provider or other application as Resource Provider.
* 
You can choose to configure ThingWorx as a Resource Provider to allow ThingWorx URI requests via OAuth2 protocol. Service Provider may use the response from the Resource Provider to render and show the data stored in ThingWorx. ThingWorx as Resource Provider is responsible for validating the access token and scopes on each resource request. You may consult the other PTC product administrators and identity provider administrators in your organization to configure other applications that are configured for this purpose.
Authorization Prerequisites
Add a Redirect OAuth URL
Create a Secret Token for ThingWorx
Configure ThingWorx as a Resource Provider
Configure an Application Other than ThingWorx as a Resource Provider
Was this helpful?