I have an organization created with a home mashup configured corresponding to it. Also have created few user groups that have been mapped to different organizational units of the organization.
Our instance has been configured for SSO login and the AD user groups have been mapped to the user groups mentioned above. The users are able to login successfully and has been mapped to the expected ThingWorx user groups but the home mashup is not the one configured corresponding to the organization.
The user's are logged into the Composer instead. Can you please guide on what additional needs to be done or is it not the way it works.
The FormOrganizations Home mashup feature will only work when accessed through the Thingworx/FormLogin/<Organization Name> URL.
When you hit that page, without SSO, the platform will try to authenticate against its internal user store (as expected) by using the ThingworxFormAuthenticator.
When you use SSO, all the other platform authenticators are disabled, and only the SSO is valid. This means that any settings you did for that FormOrganizations Home mashup etc, are useless.
To do that, there are a new bunch of settings in the SSO, but they work a bit different:
-you can have Mashup defaults, to be applied to all users (regardless of the organization)
-you can setup a mapping between a SAML attribute and the Mashup name (that means that you will store the mashup in the IDP system itself, and not in ThingWorx)
Check the below page, but basically the "system suggested mashup" works different when you use SSO.
Thank you for the response and on the information provided w.r.t SSO users.
On setting up the user defaults, it would be like having same home mashup for all the users irrespective of the user groups they belong to.
Is there any way by which users from different user groups can have different home mashups. Can you please provide your suggestion on the same.
If you setup your user's Home Mashup in the IDP it will be effective in ThingWorx. We don't have a concept of Home Mashup for UserGroups in SSO (similar to what you had for organizations in a way). Option 1 would be to set the proper attribute in the IDP for each user, based on the assigned user group. Nowadays this is the rage - control everything what the user has rights to directly from the IDP (one central point for authentication & authorization).
I guess this way of setting even the Home Mashup from the IDP falls in this line of thinking.
Now, you can of course implement your own custom mechanism, by setting the "effective" Home Mashup as an user Extension field and using a contained Mashup which is bounded to this field. It's basically the same system, but allows you a bit more control on the implementation. In this way you'd use a default Home Mashup for all the users, and that Mashup will decide where to send the user based on the user Extension field.
Up to you!