Configure SCIM Platform Settings and SSO Settings in ThingWorx - Microsoft Entra ID
Set additional SCIM configuration options in the following files:
platform-settings.json (all users)
sso-settings.json (only users who have configured SSO)
These settings interact with the SCIM subsystem.
"PlatformSettingsConfig": {
"SCIMSettings": {
"enableSCIM": "true",
"autoStart": "false"
true—The SCIM subsystem starts automatically after a ThingWorx reboot.
false—You must manually start the SCIM subsystem after a reboot.
true—The SCIM subsystem is enabled at run time within the ThingWorx web application.
false—The SCIM subsystem is disabled at run time within the ThingWorx web application.
The values below are only examples. Your values will be different depending on your setup.
"SCIMAccessTokenServicesSettings": {
"scimAdminName": "Administrator",
"authScimOAuthClientId": "SCIMClient",
"clientId": "SCIMClient",
"clientSecret": "ABC123_xyz",
"issuer": "{tenantId}/",
"jwtPublicKeyUrl": ""
The Admin Name of a User who has Administrator privileges in ThingWorx.
A SCIM request from Microsoft Entra ID should run with Administrator privileges.
The OAuth client ID configured for SCIM.
Use the value you provided in the CLIENT ID field in the Microsoft Entra ID application. To find this value, click your Enterprise application under the App registrations in Microsoft Entra ID and copy the Application (client) ID value.
Use the same value provided for the authScimOAuthClientId above.
For instructions on creating a clientSecret, see Create a Secret Token for ThingWorx in the Microsoft Entra ID Authorization section of the PTC Identity and Access Management help center. If a secret was already created as part of Microsoft Entra ID authorization configuration, use the same secret value.
The issuer configured for SCIM.
Use the issuer with the tenant ID of Microsoft Entra ID:<tenantId>/
This public key URL is required to verify the authenticity of the token.
To acquire the signing key data necessary to validate the signature of the token, open the following JSON document:
In the JSON document, find the jwks_uri parameter and copy the value to use here. For example:
Was this helpful?