
Integration of Windchill with the AWS IAM for user management

Rahul_Rathore
6-Contributor


Hello all,

 

We are using Windchill 12.0.2.2 and we would like to integrate our current Windchill with AWS IAM for user management. Is it possible to use AWS IAM as the Active Directory with Windchill?

 

I tried to find some details on Google but didn't get any conventional details. It would be really helpful and appreciated if I could get some details on it.

 

Thanks in advance.

 

 


Accepted Solutions

You can refer to CS303058.

 

Hope this helps.

 

regards
~Syed


Hi @VladimirN 

 

Thanks for your reply.

 

I went through this article, but it covers S3 configuration with the Windchill file vault, and I want to integrate my Windchill with AWS IAM.

Scenario - Suppose a user raises a request in any servicing tool for access to Windchill. The approver approves the request and creates the account in AWS IAM; then the same account must be created in Windchill automatically, with the same access as was given in IAM.

We will create the same group inside IAM, but can the user account be created automatically in Windchill?

 

Thank you...!!!

Maybe this should help. Let me know if you need more details. I do not think auto user provisioning is supported for Windchill. That may require some customization.

 

regards
~Syed

Hi @shussaini 

 

Thanks for the useful information.

 

Yes, please share more details if you can; it would be really helpful.

 

Thanks,

Rahul

 

Hi @shussaini 

 

Sorry to bother you. Please let me know if you have any article or document with which we can be sure that user provisioning is not supported for Windchill...

 

Thanks


I don't think this is possible at the time. Windchill still requires at least a back-end connection to an LDAP v3 compliant data store: for authentication, via LDAP/S in Apache to AD, and for group/attribute lookup, via an LDAP/S call directly to AD.

 

If you are using Azure AD or another AD solution that can be populated from AWS IAM, then you would use IAM to drive your AD and point WC to the AD for login/data calls (I think). I looked at using some of the PingFederate tools along with OpenDJ, where Ping would take a SAML assertion and then auto-provision groups into OpenDJ, but now you are talking about a lot of extra pieces to get Windchill to automate.

 

I spoke with a couple of PTC folks and indicated there really needs to be an Authentication/Authorization/Security working group
