ThingWorx Authentication
Both the es-authorization and es-public-access user accounts must be added to the Administrator group to configure SSO.
Depending on which type of ThingWorx authentication you're using, complete the following before configuring SSO.
Use Application Keys
Using SSO with an application key eliminates the need to configure the es-authorization and es-public-access users in the customer's IdP. These users were required so that the Experience Service could invoke APIs on the ThingWorx server to retrieve groups and role membership.
Enable the ThingWorx application key authenticator. For more information, see the Configure the sso-settings.json File section of the ThingWorx Help Center, and search for “ApplicationKey” on that page to consult the note related to ApplicationKeySettings.
Log in to ThingWorx with Administrator user privileges, and create an application key for the es-authorization user (after installation, the application key can be removed). For more information, see the Users section in the ThingWorx Help Center.
Use Credentials
If using credentials, the following user accounts must be added to the Identity Provider (IdP) that manages user accounts that can be authenticated by PingFederate:
es-authorization
es-public-access