ThingWorx Navigate Single Sign On (SSO) Knowledge HUB
Applies To
- ThingWorx Platform 8.0 to 9.3
- ThingWorx Navigate 1.5.0 to 9.1
- Windchill PDMLink 10.2 to 11.1
- PingFederate
Description
- Single sign-on (SSO) solutions reduce the need for multiple logins by providing a single login page for multiple Enterprise Applications
- SSO empowers Administrators to control Authentication and Authorization (the Access Management Process) by using an SSO mechanism within a Federated Identity Management system
- SSO solutions can unify credentials for websites and applications into a single password (or dual authentication mechanism) for the user identity
- Administrators can control security policies and fix vulnerabilities at both the access point and application levels
- SSO makes it easier to get started with an application
- For enterprise applications, support for SSO is critical and many corporate security policies require that all applications use approved SSO methods
- PTC has added support for two SSO standards and incorporated PingFederate as an SSO Solution:
  - Authentication using the SAML 2.0 protocol
  - Authorization using OAuth 2.0 tokens
- PTC currently supports SSO with the following Product Lines:
  - PLM Domain - Windchill 11.0 M020 and later has built-in SAML 2.0 support
  - IoT Domain - ThingWorx Platform and ThingWorx Navigate
- ThingWorx acts as a Service Provider (SP) and Windchill acts as a Resource Provider (RP) within the PingFederate configuration (other RPs such as SAP can also be added)
- Any Identity Provider (IdP) that is compatible with SAML 2.0 can be used in this SSO setup
- PingFederate sits in the middle of the deployment and acts as a Central Auth Server that forwards and validates authentication and authorization requests