Configure SCIM Platform Settings and SSO Settings in ThingWorx - Azure AD
Set additional SCIM configuration options in the following files:
platform-settings.json (all users)
sso-settings.json (only users who have configured SSO)
platform-settings.json
These settings interact with the SCIM subsystem.
"PlatformSettingsConfig": {
    "SCIMSettings": {
        "enableSCIM": "true",
        "autoStart": "false"
    }
}
autoStart
true—The SCIM subsystem starts automatically after a ThingWorx reboot.
false—You must manually start the SCIM subsystem after a reboot.
enableSCIM
true—The SCIM subsystem is enabled at run time within the ThingWorx web application.
false—The SCIM subsystem is disabled at run time within the ThingWorx web application.
sso-settings.json
The values below are only examples. Your values will be different depending on your setup.
"SCIMAccessTokenServicesSettings": {
    "scimAdminName": "Administrator",
    "authScimOAuthClientId": "SCIMClient",
    "clientId": "SCIMClient",
    "clientSecret": "ABC123_xyz",
    "issuer": "https://sts.windows.net/{tenantId}/",
    "jwtPublicKeyUrl": "https://login.microsoftonline.com/common/discovery/keys"
}
scimAdminName
The Admin Name of a User who has Administrator privileges in ThingWorx.
A SCIM request from Azure AD should run with Administrator privileges.
authScimOAuthClientId
The OAuth client ID configured for SCIM.
Use the value you provided in the CLIENT ID field in the Azure AD application. To find this value, click your Enterprise application under App registrations in Azure AD and copy the Application (client) ID value.
clientId
Use the same value provided for the authScimOAuthClientId above.
clientSecret
For instructions on creating a clientSecret, see Create a Secret Token for ThingWorx in the Azure AD Authorization section of the PTC Identity and Access Management help center. If a secret was already created as part of Azure AD authorization configuration, use the same secret value.
issuer
The issuer configured for SCIM.
Use the issuer with the tenant ID of Azure AD:
https://sts.windows.net/<tenantId>/
jwtPublicKeyUrl
This public key URL is required to verify the authenticity of the token.
To acquire the signing key data necessary to validate the signature of the token, open the following JSON document:
In the JSON document, find the jwks_uri parameter and copy the value to use here. For example:
https://login.microsoftonline.com/common/discovery/keys
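The following pre-deployment check is an added example, not part of the PTC documentation or ThingWorx itself. It lints the two settings fragments shown above for the mistakes this page warns about: a leftover sample secret, an unfilled tenant placeholder in the issuer, and a clientId that does not match authScimOAuthClientId. The helper name check_scim_settings is hypothetical, and the code assumes that both fragments are top-level keys of their files and that the tenant ID is a GUID.

```python
import json
import re

# Issuer form from the page; assumes the tenant ID is a GUID followed by a slash.
ISSUER_RE = re.compile(
    r"^https://sts\.windows\.net/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}/$")
DOC_SAMPLE_SECRET = "ABC123_xyz"  # example value printed on the page
REQUIRED = ("scimAdminName", "authScimOAuthClientId", "clientId",
            "clientSecret", "issuer", "jwtPublicKeyUrl")

# The page's two fragments, wrapped in braces so they parse as JSON documents.
PAGE_PLATFORM = json.loads("""{"PlatformSettingsConfig": {"SCIMSettings": {
    "enableSCIM": "true", "autoStart": "false"}}}""")
PAGE_SSO = json.loads("""{"SCIMAccessTokenServicesSettings": {
    "scimAdminName": "Administrator", "authScimOAuthClientId": "SCIMClient",
    "clientId": "SCIMClient", "clientSecret": "ABC123_xyz",
    "issuer": "https://sts.windows.net/{tenantId}/",
    "jwtPublicKeyUrl": "https://login.microsoftonline.com/common/discovery/keys"}}""")


def check_scim_settings(platform, sso):
    """Return a list of findings for the parsed settings (hypothetical helper)."""
    findings = []
    scim = platform.get("PlatformSettingsConfig", {}).get("SCIMSettings", {})
    for key in ("enableSCIM", "autoStart"):
        if scim.get(key) not in ("true", "false"):
            findings.append(f'SCIMSettings.{key} is not "true" or "false"')
    if scim.get("enableSCIM") == "true" and scim.get("autoStart") == "false":
        findings.append("autoStart is false: start SCIM manually after each reboot")
    tok = sso.get("SCIMAccessTokenServicesSettings", {})
    for key in REQUIRED:
        if not tok.get(key):
            findings.append(f"{key} is missing or empty")
    if tok.get("clientId") != tok.get("authScimOAuthClientId"):
        findings.append("clientId must equal authScimOAuthClientId")
    if tok.get("clientSecret") == DOC_SAMPLE_SECRET:
        findings.append("clientSecret is still the documentation sample value")
    if not ISSUER_RE.match(str(tok.get("issuer", ""))):
        findings.append("issuer is not https://sts.windows.net/<tenantId>/ with a real tenant ID")
    if not str(tok.get("jwtPublicKeyUrl", "")).startswith("https://"):
        findings.append("jwtPublicKeyUrl is not an https URL")
    return findings


if __name__ == "__main__":
    for finding in check_scim_settings(PAGE_PLATFORM, PAGE_SSO):
        print("FINDING:", finding)
```

Run against the page's sample values, the check reports the manual-start note, the sample secret, and the unfilled issuer placeholder.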