DPT Authentication and Authorization
The DPT integration supports both Basic and Single Sign-On (SSO) authentication methods:
• Basic authentication—Requires users to separately log in to each application such as Windchill, ThingWorx Platform, and external OSLC server such as Codebeamer using a valid user name and password. For more information, see Authentication.
 |
Basic authentication uses a single user identity to fetch all remote data.
|
• Single Sign-On (SSO) authentication—Allows users to use a single set of credentials to access multiple applications. Once logged into an SSO-enabled application, users are automatically signed into every other application for which they have the appropriate permissions. For more information, see Single Sign-on Authentication.
The DPT SSO authentication provides a seamless login experience using SAML or OIDC protocols and fetches user-context data using OAuth 2.0 (OAuth delegated authorization). For more information, see Configure OAuth Delegated Authorization.
|
|
PTC recommends using Single Sign-On (SSO) authentication for DPT integration. For more information, see PTC Identity and Access Management Help Center.
|
SSO Configuration for DPT Components
The following SSO protocols are currently validated and certified for DPT:
|
Central Auth Server (CAS)
|
Windchill
|
ThingWorx
|
Codebeamer
|
PTC RV&S
|
||||
|---|---|---|---|---|---|---|---|---|
|
Authentication
|
Authorization
|
Authentication
|
Authorization
|
Authentication
|
Authorization
|
Authentication
|
Authorization
|
|
|
PingFederate
|
SAML/OIDC
|
OAuth 2.0
|
SAML/OIDC
|
OAuth 2.0
|
SAML/OIDC
|
OAuth 2.0
|
SAML/OIDC
|
OAuth 2.0
|
|
Microsoft Entra ID
|
OIDC
|
OAuth 2.0
|
OIDC
|
OAuth 2.0
|
OIDC
|
OAuth 2.0
|
OIDC
|
OAuth 2.0
|
|
|
• Support for Microsoft Entra ID with OAuth 2.0 is available starting from PTC RV&S 13.4, ThingWorx 9.7.1, and Codebeamer 3.1.
• OAuth configurations are not supported for third-party servers such as Siemens Polarion, Jira, and IBM Rational Doors NG.
|
The table below provides details on the DPT components that can be configured on CAS, along with their roles in SSO:
|
SSO Role
|
Windchill
|
ThingWorx
|
Codebeamer
|
PTC RV&S
|
|---|---|---|---|---|
|
Service Provider
|
 |
|
|
|
|
OAuth client
|
|
|
|
|
Setting up SSO with PingFederate as CAS
• To setup authentication for DPT components with PingFederate, visit the following links:
◦ PTC RV&S with PingFederate as CAS—See the PTC RV&S SSO Configuration guide.
• To setup OAuth 2.0 authorization configurations for DPT components with PingFederate, visit the following links:
Setting up SSO with Microsoft Entra ID as CAS
• To setup authentication for DPT components with Microsoft Entra ID, visit the following links:
◦ PTC RV&S with Microsoft Entra ID as CAS—See PTC RV&S SSO Configuration guide.
• To setup OAuth 2.0 authorization for DPT components with Microsoft Entra ID, visit the following links:
◦ PTC RV&S with Microsoft Entra ID as CAS—See PTC RV&S SSO Configuration guide.
For more information on Microsoft Entra ID as CAS, refer to Microsoft Entra ID as the CAS and IdP for ThingWorx, and Microsoft Entra ID as CAS and IdP for Windchill.