Single Sign-on Authentication
Single Sign-On (SSO) can be enabled in ThingWorx to allow mashups and applications built on the platform to participate in SSO scenarios involving other PTC products. ThingWorx supports these Central Auth Servers:
• PingFederate
• Microsoft Entra ID – serves as both the Central Auth Server and the Identity Provider
• AD FS – serves as both the Central Auth Server and the Identity Provider
This section describes the configuration steps for enabling SSO in ThingWorx. You may need to consult with other PTC product administrators and identity provider administrators in your organization to configure other applications that are configured for SSO.
For more information, refer to PTC IAM policy and PTC IAM help center.
For support, refer IAM support site.
SSO Capabilities Supported for PingFederate
• SAML authentication
• OAuth delegated authorization with ThingWorx as a Service Provider
• ThingWorx as a Resource Server
SSO Capabilities Supported for Microsoft Entra ID
• SAML authentication
• OAuth delegated authorization with ThingWorx as a Service Provider
SSO Capabilities Supported for AD FS
• SAML authentication
• OAuth delegated authorization with ThingWorx as a Service Provider
SSO Capabilities Supported for Atlas IAM server
• OIDC authentication
 |
If ThingWorx is configured with PTC Atlas IAM server, there is no need for configuration. ThingWorx is configured in PTC Cloud only for Windchill+ customers.
|