Setting
|
Value
|
Notes
|
CLIENT ID
|
Set this equal to the <es-client-id> parameter identified in the “SSO Configuration Parameters” section above.
|
This value is required when installing the Experience Service.
|
NAME
|
Choose a descriptive name. For example, “Experience Service”.
|
This value is displayed to the user when they authenticate to the Experience Service.
|
CLIENT AUTHENTICATION
|
Set this equal to the <es-client-secret> parameter identified in the “SSO Configuration Parameters” section above.
|
This value is required when installing the Experience Service.
|
REDIRECT URIS
|
Add the <es-redirect-uri> parameter identified in the “SSO Configuration Parameters” section above to the list of Redirection URIs.
|
|
BYPASS AUTHORIZATION APPROVAL
|
Select the checkbox.
|
|
ALLOW GRANT TYPES
|
Select the following grant types:
• Authorization Code
• Implicit
• Refresh Token
• Client Credentials
• Access Token Validation (Client is a Resource Server)
|
|
DEFAULT ACCESS TOKEN MANAGER
|
Select the access token manager that was created when configuring PingFederate for ThingWorx.
|
|
REQUIRE PROOF KEY FOR CODE EXCHANGE (PKCE)
|
Leave unchecked.
|
|
PERSISTENT GRANTS MAX LIFETIME
|
We recommend 2 minutes, but this can be set as desired.
|
|
REFRESH TOKEN ROLLING POLICY
|
Set this equal to Roll.
|