1. Home
  2. Support
Article - CS271789

[Knowledge Hub] ThingWorx Navigate Single Sign On (SSO)

Modified: 07-May-2025   


Applies To

  • ThingWorx Platform 8.0 to 9.6
  • Windchill Navigate (formerly ThingWorx Navigate) 1.5.0 to 9.4
  • Windchill PDMLink 10.2 to 13.0
  • PingFederate

Description

  • Single sign-on (SSO) solutions mitigate the need for multiple logins by providing a single login page for multiple Enterprise Applications
  • SSO empowers Administrators to control the Authentication and Authorization (Access Management Process) by using a SSO mechanism within a Federated Identity Management system
  • SSO solutions can unify credentials for websites and applications into a single password (or dual authentication mechanism) for the user identity
  • Administrators can control security policies and fix vulnerabilities at both the access point and application levels
  • SSO makes it easier to get started with an application
  • For enterprise applications, support for SSO is critical and many corporate security policies require that all applications use approved SSO methods
  • PTC has added support for two SSO standards and incorporated PingFederate as an SSO Solution:
    • Authentication using SAML 2.0 protocol
    • Authorization using OAUTH 2.0 tokens
  • PTC currently supports SSO with the following Product Lines:
    • PLM Domain - Windchill 11.0 M020+ and onwards has a built-in SAML 2.0 support
    • IOT Domain - ThingWorx Platform and ThingWorx Navigate
  • ThingWorx acts as a Service Provider (SP) and Windchill acts as a Resource Provider (RP) within PingFederate configuration (other RPs such as SAP can also be added)
    • Any Identity Provider (IdP) that is compatible with SAML 2.0 can be used in this SSO setup
    • PingFederate is in the middle of the deployment and acts as a Central Auth Server in order to forward and validate authentication and authorization requests

  • What needs to be setup before running the ThingWorx Navigate Configurator for SSO?

  • Click here for more information on SSO Implementation with ThingWorx and Navigate

This is a printer-friendly version of Article 271789 and may be out of date. For the latest version click CS271789