How to Enable SSO on a ThingWorx Server Hosted in OCI (Oracle Cloud Infrastructure)?

IS_11420788
4-Participant

Hello Everyone,

I have a ThingWorx instance hosted on an OCI (Oracle Cloud Infrastructure) server, and I would like to enable Single Sign-On (SSO) for the platform.

I am not sure about the correct steps or prerequisites for configuring SSO in this setup. Could you please guide me on the following:

  1. What are the requirements for enabling SSO on a ThingWorx server hosted in OCI?

  2. Which SSO protocols are supported (e.g., SAML, OAuth, OpenID Connect)?

  3. Is there any documentation or step-by-step guide available for configuring SSO in this environment?

  4. Do I need to make any additional configurations on the OCI side (networking, certificates, identity provider integration, etc.)?

  5. Any best practices or common issues to be aware of.

  6. Can we have both native login and SSO enabled?

Any help, references, or examples would be greatly appreciated.

Thank you!

3 REPLIES
Rocko
19-Tanzanite
(To:IS_11420788)

Hello,

 

I don't have experience with OCI, but will try to answer some of your questions nevertheless:

 

  1. Likely there are no extra requirements, compared to any other environment. Just to make it clear -- even though ThingWorx documentation speaks about Microsoft Entra ID and PingFederate, the platform supports any compliant OAuth or SAML implementation.
  2. All three should work. I'd start with OIDC if I were you.
  3. I'm not aware of that. I usually start by creating an OAuth client and configuring it in sso-settings.json file. I find this help page the most useful.
  4. You'd need to register an OAuth client, i.e. obtain a pair of client ID + client secret values.
  5. Enable debug logs for Security and Authentication loggers -- this is where you'll find most of the information about issues as you do trial and error.
  6. No. The only thing you can do is configure a username as an alias for Administrator in your sso-settings.json. This way, when you log in as this "normal" user via SSO, you become Administrator and can access Composer, even if you don't have anything else configured, or if your config is broken.

/ Constantine


Vilia (my company) | GitHub | LinkedIn
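
As an added illustration (not part of the reply above and not PTC code), a pre-flight check for the sso-settings.json file the reply mentions: it flags an empty Administrator alias, a missing OAuth client ID or secret, and file permissions that expose the secret to other accounts. The key names (`BasicSettings`, `administratorAlias`, `AuthorizationServersSettings`, keys ending in `clientId` / `clientSecret`) and the server name `ExampleAS` are assumptions; compare them with your own file.

```python
import json
import os
import stat
import tempfile

# Constructed sample. Key names are assumptions about the sso-settings.json
# layout (BasicSettings / AuthorizationServersSettings); check your own file.
SAMPLE = {
    "BasicSettings": {"administratorAlias": "", "administratorInternalName": "Administrator"},
    "AuthorizationServersSettings": {
        "ExampleAS": {
            "ExampleAS.oauthClientResource.clientId": "twx-client",
            "ExampleAS.oauthClientResource.clientSecret": "",
        }
    },
}

def audit_sso_settings(path):
    """Return a list of findings for the sso-settings.json file at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o}: file holding the client secret is accessible beyond its owner")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    basic = cfg.get("BasicSettings", {})
    if not str(basic.get("administratorAlias", "")).strip():
        findings.append("administratorAlias is empty: no SSO login is aliased to Administrator")
    for server, settings in cfg.get("AuthorizationServersSettings", {}).items():
        for suffix in ("clientId", "clientSecret"):
            values = [v for k, v in settings.items() if k.endswith(suffix)]
            if not any(str(v).strip() for v in values):
                findings.append(f"{server}: {suffix} is missing or empty")
    return findings

def write_settings(cfg, mode):
    """Write `cfg` to a temporary file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for finding in audit_sso_settings(write_settings(SAMPLE, 0o644)):
        print("FINDING:", finding)
```
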

Hello @IS_11420788


It looks like you have some responses from some community members. If any of these replies helped you solve your question, please mark the appropriate reply as the Accepted Solution.

Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.

Thanks,
Vivek N.
Community Moderation Team.
