Service Principal in PTC RV&S
A Service Principal, also known as a service account or application identity, is a security principal used for authentication and authorization in computer systems and networks. In PTC RV&S, the Service Principal supports secure automated authentication across multiple integrations and workflows, including:
• Proxy to Main Server
• Configuration Management Server to Workflows and Documents Server
• Workflows and Documents Server to Configuration Management Server (for source traces, links)
• Admin Server to Staging Server
• OSLC Server
• OSLC Client background jobs (for Windchill, Codebeamer, Suspect Marking, or triggers infrastructure)
• Git to PTC RV&S Main Server
• Jenkins to PTC RV&S Main Server
• Prometheus to PTC RV&S Main Server
• PTC RV&S to Codebeamer for Source Code Management
Service Principal Configuration and Login Restrictions
The administrator must configure the following properties in LDAP to be able to mark a user account as a Service Principal:
• ldap.user.servicePrincipalAttrName=isServicePrincipal
• ldap.user.servicePrincipalAttrValue=TRUE
For more information on LDAP user properties, see Setting Up LDAP-compliant Security Realm.
To designate a user account as a Service Principal, see To Create an MKS Domain User in the GUI.
Once a user is marked as a Service Principal, the following login restrictions come into effect:
• A user who is marked as a Service Principal is not allowed to log in as a regular user.
• A Service Principal cannot access the application’s user interfaces.
• Removing the Service Principal flag restores the password-based login mechanism.
Service Principal users can only authenticate through approved mechanisms, such as using tokens through delegated authorization as defined by the service domain.
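The following is an added example, not part of the PTC documentation: an offline check of an LDIF export that compares the accounts carrying the configured Service Principal attribute against the integration accounts you expect to be flagged. The account names, DNs, the EXPECTED list and the exact-match comparison of the attribute value are assumptions made for illustration.

```python
# Added example: audit an LDIF export against the two properties above (data is constructed).
PROPS = """\
ldap.user.servicePrincipalAttrName=isServicePrincipal
ldap.user.servicePrincipalAttrValue=TRUE
"""
LDIF = """\
dn: uid=svc-jenkins,ou=people,dc=example,dc=com
uid: svc-jenkins
isServicePrincipal: TRUE

dn: uid=svc-git,ou=people,dc=example,dc=com
uid: svc-git
isserviceprincipal: TRUE

dn: uid=svc-prom,ou=people,dc=example,dc=com
uid: svc-prom
isServicePrincipal: FALSE

dn: uid=asmith,ou=people,dc=example,dc=com
uid: asmith
isServicePrincipal: TRUE
"""
EXPECTED = {"svc-jenkins", "svc-git", "svc-prom"}  # accounts used by integrations

def parse_props(text):
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_ldif(text):
    """Minimal LDIF reader (no line folding or base64 values); attribute
    names are lower-cased because LDAP attribute names are case-insensitive."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "uid" in entry:
            entries.append(entry)
    return entries

def audit(props, entries, expected):
    attr = props["ldap.user.servicePrincipalAttrName"].lower()
    value = props["ldap.user.servicePrincipalAttrValue"]  # assumed exact match
    flagged = {e["uid"][0] for e in entries if value in e.get(attr, [])}
    return {"flagged": sorted(flagged),
            "missing_flag": sorted(expected - flagged),     # password login still possible
            "unexpected_flag": sorted(flagged - expected)}  # cannot log in as regular user
```

Accounts under `missing_flag` are integration identities that still allow password-based login; accounts under `unexpected_flag` are flagged users who can no longer log in as regular users.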
Avoid changing the Service Principal user status from Active to Inactive, as this is not a supported action.