cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

SSO Provisioning Exclusions

Ascherer17
15-Moonstone

SSO Provisioning Exclusions

We have ThingWorx 8.4.0 and the Manufacturing Apps.  We are also using SSO to log in our users.  Provisioning is set up to provide the email address from our identity provider (IDP).  The Apps require users to have a phone number included.  I've manually added phone numbers for a few users, but it seems that every time a user logs in, their phone number is deleted.  I'm guessing this is because we aren't provisioning it through SSO.

 

Is there a way to set exclusions for the SSO attribute provisioning?

ACCEPTED SOLUTION

Accepted Solutions

Yes, specific attributes cannot be excluded.

View solution in original post

3 REPLIES 3

Hi,

 

You can use User Provision Exclusion List:

 

  1. In ThingWorx Composer, go to Security> Authenticators
  2. Select ThingworxSSOAuthenticator and go to Entity Information> Configuration 
  3. Add the users in User Provisioning Exclusion List 

But this will mean that the users from User Provision Exclusion List will not get any info through SSO.

Any attribute that is manually updated in Thingworx for users will be overwritten by info coming from IDP at each login. One way will be to get also the phone number together with email address from IDP. 

 

Hope it helps,

Raluca Edu

User exclusion list will not work since we would like to get attributes from IDP.  I did work with our IDP admin to send the phone number.  That solves my issue.  However this doesn't answer the question of this post.  Right now I'm assuming the answer is No, specific attributes cannot be excluded.

Yes, specific attributes cannot be excluded.
Announcements


Top Tags