Prepare for Single Sign-On (SSO) > Obtain OAuth Access Token for ThingWorx Administrator Using Postman
  
Obtain OAuth Access Token for ThingWorx Administrator Using Postman
Postman is used to acquire an OAuth access token from the PingFederate authorization server during installation. This access token is used during the Experience Service installation process.
* 
Untrusted self-signed X509 certificates can cause Postman to render a blank screen without further errors. In order to run Postman against a SSL URL with a self-signed certificate, add the certificate to the operating system trusted certificates repository on the machine running Postman. On Windows, this is usually the Trusted Root Certification Authorities store. On Linux, this is a file of PEM certificates called /etc/ssl/certs/ca-bundle.trust.crt.
Use the following steps to obtain an OAuth access token for ThingWorx Administrator:
1. Install Postman.
2. Open Postman and select Request from the New menu to create a new request.
3. Enter a name for the request. For example, Get Admin Token.
4. Select a collection or folder for the request.
5. Click Save.
6. Select the Authorization tab in the detail pane.
7. Select OAuth 2.0 for the Type.
8. Click Get New Access Token, and provide the following values in the GET NEW ACCESS TOKEN window:
Property
Value
Token Name
Use any preferred name.
Grant Type
Authorization Code
Callback URL
Set this equal to the <es-redirect-uri> parameter:
<es-base-url>/ExperienceService/auth/oidc/callback
For example:
https://es.example.com:8443/ExperienceService/auth/oidc/callback
For more information, see the “SSO Configuration Parameters” section in PingFederate Configuration.
Auth URL
Set this equal to the <as-auth-endpoint> parameter. For example:
https://pingfed.example.com/as/authorization.oauth2
For more information, see the “SSO Configuration Parameters” section in PingFederate Configuration.
Access Token URL
Set this equal to the <as-token-endpoint> parameter. For example:
https://pingfed.example.com/as/token.oauth2
For more information, see the “SSO Configuration Parameters” section in PingFederate Configuration.
Client ID
Set this equal to the Experience Service OAuth client ID that you defined in PingFederate.
Client Secret
Set this equal to the Experience Service OAuth secret.
Scope
THINGWORX
* 
If you are using a custom scope, set this equal to that custom value.
State
This can be left blank.
Client Authentication
Send client credentials in body
9. Click Request Token.
10. When prompted, log in with the ThingWorx Administrator username and password.
11. Authorize access to ThingWorx when the Request for Approval window appears.
12. After successfully authenticating and authorizing access to ThingWorx, Postman displays a MANAGE ACCESS TOKENS window. Make a copy of the Access Token value, and save it for use during the Experience Service installation.
* 
Since the access token may expire after a short period of time, proceed with Experience Service installation immediately after obtaining the token.