Directory Services
You can authenticate users through a directory service (like an LDAP system). For any directory service that you want to utilize, you can start a new directory service. In the configuration, specify to what service to connect and your credentials.
 |
You can also easily manage users that exist in an Active Directory system. See Managing Users in Active Directory.
|
First, specify the following in the configuration:
• port — Directory service server port.
• adminBindDN — Login (distinguished name) of the user that has permission to run the lookup.
• adminPassword — Password of the user that has permission to run the lookup.
• server — Directory service address.
• userBaseDN — Lookup for the user group or base (i.e. ou=people, dc=thingworx).
• userIDAttribute — Attribute to match when looking up a user (i.e. uid).
|
|
Each directory service setup has its own unique user lookup "tree structure" and ID attribute name.
|
Next, create your users in ThingWorx and in the directory service system. After that is complete, your user can now log in using their directory service credentials. ThingWorx does not retrieve any additional information from the directory service. This means that you need to create the same user in ThingWorx to set permissions.
 |
If a user logs in and enters an incorrect directory service password, ThingWorx will verify it against the user's ThingWorx password. It is best practice to give users only their directory service password and not their ThingWorx password.
|
The directory service systems are called when a user attempts to login to validate the credentials. If more than one directory service is configured, ThingWorx will attempt to authenticate the entered credentials against each defined directory service until the first success. If the directory service authentication fails, the system will then attempt to authenticate the credentials against the users that are defined.
Related Links