Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X
Reading through this article: How to create an admin user in ThingWorx Navigate when there is no Administrator user in Windchill
In my case, I already had configured to authenticate to Windchill and one of my accounts had an alternate uid of Administrator. Login was fine, no issues. I am switching to SSO on Windchill side so my assumption would be I need a matching id of Administrator which I am hesitant to do. I have added two additional accounts to the Administrators group in Thingworx so I can use those to get into Composer and administer the system. The question is, if I make Administrator in able to be used, will I lose anything or not be able to do functions in Composer? If I need to, I could reconfigure authentication back to get back in but I prefer not to use this account if I do not have to.
Once you have completed the software installation, and have created alternative users to be members of the Administrators group so they can function as “the Administrator”, there is no problem with not having the username “Administrator” in Windchill or in your LDAP. I would not delete the user Administrator from the ThingWorx database, because it is your “backdoor” to get in if you ever have the need. Keep it in the Administrators group and in a license group, and if you ever need to, you can reconfigure for Fixed Authentication and use Administrator to login to ThingWorx. That is because, in Fixed Authentication, the Directory Store for authentication is the ThingWorx database and it doesn’t matter what you may have in Windchill, Active Directory, or any other LDAP data store. That’s handy, for example, for the case where your other admin users get inactivated, deleted, disconnected from the network, or somehow won’t function anymore. If you accept that risk (I would not) there is nothing else you would lose by making Administrator unusable. It was only critical during the install process, because “Administrator” is hard wired in the code for installation and is your only user until you can create new users and make some of them admins.
A different concern that you should consider is that Windchill Authentication is not supported with Windchill on SSO (the configuration using Shibboleth as the Service Provider for Windchill). The Windchill SSO configuration interferes with the Windchill Authentication code in Windchill. The recommended (and only) alternative is to configure Navigate for SSO using ThingWorx as the Service Provider for Navigate. The two SSO configurations can co-exist and do not interact or interfere with each other in any way.
Hi @avillanueva ,
It appears that the response to your post answers your question. For the benefit of other Community Members who may have the same question, it would be great if you could designate it as the Accepted Solution.
In the event that this response did not answer your question, please post your current status so that we can continue to support.
Thanks for using the PTC Community!
Regards,
--Sharon