Article - CS271789

ThingWorx Navigate Single Sign On (SSO) Knowledge HUB

Modified: 28-Jul-2022   

Applies To

  • ThingWorx Platform 8.0 to 9.3
  • ThingWorx Navigate 1.5.0 to 9.1
  • Windchill PDMLink 10.2 to 11.1
  • PingFederate


  • Single sign-on (SSO) solutions mitigate the need for multiple logins by providing a single login page for multiple Enterprise Applications
  • SSO empowers Administrators to control the Authentication and Authorization (Access Management Process) by using a SSO mechanism within a Federated Identity Management system
  • SSO solutions can unify credentials for websites and applications into a single password (or dual authentication mechanism) for the user identity
  • Administrators can control security policies and fix vulnerabilities at both the access point and application levels
  • SSO makes it easier to get started with an application
  • For enterprise applications, support for SSO is critical and many corporate security policies require that all applications use approved SSO methods
  • PTC has added support for two SSO standards and incorporated PingFederate as an SSO Solution:
    • Authentication using SAML 2.0 protocol
    • Authorization using OAUTH 2.0 tokens
  • PTC currently supports SSO with the following Product Lines:
    • PLM Domain - Windchill 11.0 M020+ and onwards has a built-in SAML 2.0 support
    • IOT Domain - ThingWorx Platform and ThingWorx Navigate
  • ThingWorx acts as a Service Provider (SP) and Windchill acts as a Resource Provider (RP) within PingFederate configuration (other RPs such as SAP can also be added)
    • Any Identity Provider (IdP) that is compatible with SAML 2.0 can be used in this SSO setup
    • PingFederate is in the middle of the deployment and acts as a Central Auth Server in order to forward and validate authentication and authorization requests
  • Click here for more information on SSO Implementation with ThingWorx and Navigate
This is a PDF version of Article CS271789 and may be out of date. For the latest version click