cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

Home Mashup of Organization w.r.t SSO Users

Go to solution
georgeajin
7-Bedrock
7-Bedrock
‎Jun 29, 2020 05:45 AM
‎Jun 29, 2020 05:45 AM

Home Mashup of Organization w.r.t SSO Users

Hi All,

I have an organization created with a home mashup configured corresponding to it. Also have created few user groups that have been mapped to different organizational units of the organization.

 

Our instance has been configured for SSO login and the AD user groups have been mapped to the user groups mentioned above. The users are able to login successfully and has been mapped to the expected ThingWorx user groups but the home mashup is not the one configured corresponding to the organization.

 

The user's are logged into the Composer instead. Can you please guide on what additional needs to be done or is it not the way it works.

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
VladimirRosu
18-Opal
18-Opal
(To:georgeajin)
‎Jun 30, 2020 06:49 AM
‎Jun 30, 2020 06:49 AM

If you setup your user's Home Mashup in the IDP it will be effective in ThingWorx. We don't have a concept of Home Mashup for UserGroups in SSO (similar to what you had for organizations in a way). Option 1 would be to set the proper attribute in the IDP for each user, based on the assigned user group. Nowadays this is the rage - control everything what the user has rights to directly from the IDP (one central point for authentication & authorization).

I guess this way of setting even the Home Mashup from the IDP falls in this line of thinking.

 

Now, you can of course implement your own custom mechanism, by setting the "effective" Home Mashup as an user Extension field and using a contained Mashup which is bounded to this field. It's basically the same system, but allows you a bit more control on the implementation. In this way you'd use a default Home Mashup for all the users, and that Mashup will decide where to send the user based on the user Extension field.

 

Up to you!

View solution in original post

0 Kudos
Notify Moderator
4 REPLIES 4
VladimirRosu
18-Opal
18-Opal
(To:georgeajin)
‎Jun 30, 2020 04:58 AM
‎Jun 30, 2020 04:58 AM

The FormOrganizations Home mashup feature will only work when accessed through the Thingworx/FormLogin/<Organization Name> URL.

When you hit that page, without SSO, the platform will try to authenticate against its internal user store (as expected) by using the ThingworxFormAuthenticator.

When you use SSO, all the other platform authenticators are disabled, and only the SSO is valid. This means that any settings you did for that FormOrganizations Home mashup etc, are useless.

To do that, there are a new bunch of settings in the SSO, but they work a bit different:

-you can have Mashup defaults, to be applied to all users (regardless of the organization)

-you can setup a mapping between a SAML attribute and the Mashup name (that means that you will store the mashup in the IDP system itself, and not in ThingWorx)

Check the below page, but basically the "system suggested mashup" works different when you use SSO.

http://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx%2FHelp%2FComposer%2FSecurity%2FAuthenticators%2FTwxSSOAuthenticator.html%23

Notify Moderator
georgeajin
7-Bedrock
7-Bedrock
(To:VladimirRosu)
‎Jun 30, 2020 05:19 AM
‎Jun 30, 2020 05:19 AM

Hi Vladimir,

 

Thank you for the response and on the information provided w.r.t SSO users.

 

On setting up the user defaults, it would be like having same home mashup for all the users irrespective of the user groups they belong to.

 

Is there  any way by which users from different user groups can have different home mashups. Can you please provide your suggestion on the same.

0 Kudos
Notify Moderator
VladimirRosu
18-Opal
18-Opal
(To:georgeajin)
‎Jun 30, 2020 06:49 AM
‎Jun 30, 2020 06:49 AM

If you setup your user's Home Mashup in the IDP it will be effective in ThingWorx. We don't have a concept of Home Mashup for UserGroups in SSO (similar to what you had for organizations in a way). Option 1 would be to set the proper attribute in the IDP for each user, based on the assigned user group. Nowadays this is the rage - control everything what the user has rights to directly from the IDP (one central point for authentication & authorization).

I guess this way of setting even the Home Mashup from the IDP falls in this line of thinking.

 

Now, you can of course implement your own custom mechanism, by setting the "effective" Home Mashup as an user Extension field and using a contained Mashup which is bounded to this field. It's basically the same system, but allows you a bit more control on the implementation. In this way you'd use a default Home Mashup for all the users, and that Mashup will decide where to send the user based on the user Extension field.

 

Up to you!

0 Kudos
Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:georgeajin)
‎Jul 10, 2020 10:48 AM
‎Jul 10, 2020 10:48 AM

Hi @georgeajin.

 

If one of the previous responses answered your question, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Thank you for participating in our community!

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Top Tags