ThingWorx Model Definition in Composer > Security > Provisioning > Using SCIM with ThingWorx > SCIM Setup when Azure AD is the CAS and the IdP > Configure SCIM Platform Settings and SSO Settings in ThingWorx - Azure AD
Configure SCIM Platform Settings and SSO Settings in ThingWorx - Azure AD
Set additional SCIM configuration options in the following files:
platform-settings.json (all users)
sso-settings.json (only users who have configured SSO)
These settings interact with the SCIM subsystem.
"PlatformSettingsConfig": {
"SCIMSettings": {
"enableSCIM": "true",
"autoStart": "false"
true—The SCIM subsystem starts automatically after a ThingWorx reboot.
false—You must manually start the SCIM subsystem after a reboot.
true—The SCIM subsystem is enabled at run time within the ThingWorx web application.
false—The SCIM subsystem is disabled at run time within the ThingWorx web application.
The values below are only examples. Your values will be different depending on your setup.
"SCIMAccessTokenServicesSettings": {
"scimAdminName": "Administrator",
"authScimOAuthClientId": "SCIMClient",
"clientId": "SCIMClient",
"clientSecret": "ABC123_xyz",
"issuer": "{tenantId}/",
"jwtPublicKeyUrl": ""
The Admin Name of a User who has Administrator privileges in ThingWorx.
A SCIM request from Azure AD should run with Administrator privileges.
The OAuth client ID configured for SCIM.
Use the value you provided in the CLIENT ID field in the Azure AD application. To find this value, click your Enterprise application under the App registrations in Azure AD and copy the Application (client) ID value.
Use the same value provided for the authScimOAuthClientId above.
For instructions on creating a clientSecret, see Create a Secret Token for ThingWorx in the Azure AD Authorization section of the PTC Identity and Access Management help center. If a secret was already created as part of Azure AD authorization configuration, use the same secret value.
The issuer configured for SCIM.
Use the issuer with the tenant ID of Azure AD:<tenantId>/
This public key URL is required to verify the authenticity of the token.
To acquire the signing key data necessary to validate the signature of the token, open the following JSON document:
In the JSON document, find the jwks_uri parameter and copy the value to use here. For example:
Was this helpful?