Configure SCIM Platform Settings and SSO Settings in ThingWorx - Microsoft Entra ID
Set additional SCIM configuration options in the following files:
platform-settings.json (all users)
sso-settings.json (only users who have configured SSO)
platform-settings.json
These settings interact with the SCIM subsystem.
"PlatformSettingsConfig": {
"SCIMSettings": {
"enableSCIM": "true",
"autoStart": "false"
}
}
autoStart
true—The SCIM subsystem starts automatically after a ThingWorx reboot.
false—You must manually start the SCIM subsystem after a reboot.
enableSCIM
true—The SCIM subsystem is enabled at run time within the ThingWorx web application.
false—The SCIM subsystem is disabled at run time within the ThingWorx web application.
sso-settings.json
The values below are only examples. Your values will be different depending on your setup.
"SCIMAccessTokenServicesSettings": {
"scimAdminName": "Administrator",
"authScimOAuthClientId": "SCIMClient",
"clientId": "SCIMClient",
"clientSecret": "ABC123_xyz",
"issuer": "https://sts.windows.net/{tenantId}/",
"jwtPublicKeyUrl": "https://login.microsoftonline.com/common/discovery/keys"
}
scimAdminName
The Admin Name of a User who has Administrator privileges in ThingWorx.
A SCIM request from Microsoft Entra ID should run with Administrator privileges.
authScimOAuthClientId
The OAuth client ID configured for SCIM.
Use the value you provided in the CLIENT ID field in the Microsoft Entra ID application. To find this value, click your Enterprise application under the App registrations in Microsoft Entra ID and copy the Application (client) ID value.
clientId
Use the same value provided for the authScimOAuthClientId above.
clientSecret
For instructions on creating a clientSecret, see Create a Secret Token for ThingWorx in the Microsoft Entra ID Authorization section of the PTC Identity and Access Management help center. If a secret was already created as part of Microsoft Entra ID authorization configuration, use the same secret value.
issuer
The issuer configured for SCIM.
Use the issuer with the tenant ID of Microsoft Entra ID:
https://sts.windows.net/<tenantId>/
jwtPublicKeyUrl
This public key URL is required to verify the authenticity of the token.
To acquire the signing key data necessary to validate the signature of the token, open the following JSON document:
In the JSON document, find the jwks_uri parameter and copy the value to use here. For example:
https://login.microsoftonline.com/common/discovery/keys
Was this helpful?