Log in
Manage and monitor software
Services and expertise
Manage and monitor software
Services and expertise

In another tab/window you have switched to a different account ().

Your active customer number ( - ) is not your primary association.

Would you like to switch to your primary association now ()?

Stay With Current
PTC Customer Support Engagement Guide
Get to know PTC's Service Offerings and how to engage, interact and make the most of Technical Support.

Identity and Access Management

Identity and Access Management

PTC customers use a variety of different methods to authenticate and manage users authorized to access deployments of PTC products (“Identity and Access Management” or “IAM”). One such method is through Single Sign-On (“SSO”), which can facilitate use of a customer’s existing Identity Provider (“IdP”). To unify and standardize IAM implementation, PTC has developed this policy, which is applicable to all SSO-enabled products, except the following (which have their own policies):

  • Onshape
  • Arena Solutions
  • Vuforia Expert Capture
  • Vuforia Chalk


In order to integrate these IdPs with a wide range of its products, PTC has chosen to work with partner PingIdentity and integrate with PingFederate software. PTC no longer provides PingFederate product or licenses on the PTC downloads page. Beginning April 1, 2022 new PTC products entitlements will not include a PingFederate license by default.  New customers choosing to use PingFederate must contract directly with PingIdentity to purchase a PingFederate license. PTC customers, who were previously entitled prior to April 1st, 2022, can still request a PingFederate license by contacting PTC Technical Support, this includes requests for license renewals. PTC Cloud customers will be provided a PingFederate license if required as part of the provided PTC offering.

The identified PingFederate architectures validated to support the SSO solution for products are identified below and are covered by this policy (see “Standard” IAM architectures).  To ensure that customers have the latest version of PingFederate available, PTC will direct all customers to download the software from the PingFederate download page. Accessing software in this manner does require creation of an account with PingIdentity but it is possible to do so free of charge.

Each PTC SSO enabled product provides a support matrix that will identify the PingFederate version(s) currently supported..

Support Policy

PTC will test its SSO-enabled products against specific PingFederate builds (e.g. 8.4.4 Patch 3) and support that build as well as all subsequent maintenance (third digit) and patch (fourth digit) releases of PingFederate within that minor version (e.g. 8.4.x). PTC will identify supported PingFederate builds in the system requirements page for each respective product.

Except for those hosted via PTC Cloud, customers are responsible for deploying and maintaining PingFederate software.

PingIdentity regularly releases updates to PingFederate that include both security improvements and functional bug fixes. Towards this end, PTC strongly recommends that customers continuously update to the latest build of PingFederate within a supported minor version. If, for some reason, a customer experiences a problem with a supported PingFederate release, that customer may open a technical support ticket with PTC to resolve the issue.

Due to the wide range of available IdPs and the varying levels of technical expertise and time needed to ensure their compatibility and interoperability with PingFederate, PTC will only assist in configuring and supporting a limited range of “Standard” IAM architectures. In no case will PTC process technical support tickets related solely to the functionality or installation or setup of the IdP itself (e.g. not directly involved with its interaction with SSO-enabled PTC products).

For “Standard” IAM architectures, PTC will:

  • Process technical support requests related to PingFederate’s interaction with SSO-enabled PTC products and Supported IdPs.
  • Consider making software changes to SSO-enabled PTC products in order to facilitate their ongoing compatibility and functionality with the IdP.

For “Non-Standard” IAM architectures, PTC will:

  • Process technical support requests only as they pertain to the PTC product in question.
  • For requests related to PingFederate functionality and its interaction with the IdP, forward customer-provided technical information to PingIdentity and so that both parties can resolve the issue.
  • To the extent possible, identify partner organizations that are capable of implementing and supporting such configurations. PTC is not, however, responsible for the security or functionality of any Non-Standard implementations conducted by partners or others.
  • Not consider making code changes to its products to facilitate this functionality.
  • Not assist with troubleshooting related to the federation features of Microsoft Azure Active Directory or Active Directory Federation Services.

Standard architectures include the use of: