PTC customers use a variety of different methods to authenticate and manage users authorized to access deployments of PTC products (“Identity and Access Management” or “IAM”). One such method is through Single Sign-On (“SSO”), which can facilitate use of a customer’s existing Identity Provider (“IdP”). To unify and standardize IAM implementation, PTC has developed this policy, which is applicable to all SSO-enabled products, except the following (which have their own policies):
In order to integrate these IdPs with a wide range of its products, PTC has chosen to work with partner PingIdentity and PTC provides customers with licenses for PingFederate software. With one exception, listed below, using PingFederate as the Central Authentication Service (“CAS”) is currently PTC’s only supported SSO solution for products covered by this policy.
Properly entitled PTC customers may download a PingFederate license from their respective product section on the PTC downloads page. To ensure that customers have the latest version of PingFederate available, PTC will direct all customers to download the software from the PingFederate download page. Accessing software in this manner does require creation of an account with PingIdentity but it is possible to do so free of charge.
PTC will test its SSO-enabled products against specific PingFederate builds (e.g. 8.4.4 Patch 3) and support that build as well as all subsequent maintenance (third digit) and patch (fourth digit) releases of PingFederate within that minor version (e.g. 8.4.x). PTC will identify supported PingFederate builds in the system requirements page for each respective product.
Except for those hosted via PTC Cloud, customers are responsible for deploying and maintaining PingFederate software.
PingIdentity regularly releases updates to PingFederate that include both security improvements and functional bug fixes. Towards this end, PTC strongly recommends that customers continuously update to the latest build of PingFederate within a supported minor version. If, for some reason, a customer experiences a problem with a supported PingFederate release, that customer may open a technical support ticket with PTC to resolve the issue.
Due to the wide range of available IdPs and the varying levels of technical expertise and time needed to ensure their compatibility and interoperability with PingFederate, PTC will only assist in configuring and supporting a limited range of “Standard” IAM architectures. In no case will PTC process technical support tickets related solely to the functionality or installation or setup of the IdP itself (e.g. not directly involved with its interaction with SSO-enabled PTC products).
For “Standard” IAM architectures, PTC will:
For “Non-Standard” IAM architectures, PTC will:
Standard architectures include the use of: