Skip to main content
I
IS_114207884-Participant
4-Participant
November 24, 2025
Solved

How to Enable SSO on a ThingWorx Server Hosted in OCI (Oracle Cloud Infrastructure)?

  • November 24, 2025
  • 4 replies
  • 330 views

Hello Everyone,

I have a ThingWorx instance hosted on an OCI (Oracle Cloud Infrastructure) server, and I would like to enable Single Sign-On (SSO) for the platform.

I am not sure about the correct steps or prerequisites for configuring SSO in this setup. Could you please guide me on the following:

  1. What are the requirements for enabling SSO on a ThingWorx server hosted in OCI?

  2. Which SSO protocols are supported (e.g., SAML, OAuth, OpenID Connect)?

  3. Is there any documentation or step-by-step guide available for configuring SSO in this environment?

  4. Do I need to make any additional configurations on the OCI side (networking, certificates, identity provider integration, etc.)?

  5. Any best practices or common issues to be aware of.

  6. can we have both native login and sso enabled

Any help, references, or examples would be greatly appreciated.

Thank you!

Best answer by Constantine

Hello,

 

I don't have experience with OCI, but will try to answer some of your questions nevertheless:

 

  1. Likely there are no extra requirements, compared to any other environments. Just to make it clear -- even though ThingWorx documentation speaks about Microsoft Entrata ID and PingFederate, the platform supports any compliant OAuth or SAML implementation.
  2. All three should work. I'd start with OIDC if I were you.
  3. I'm not aware of that. I usually start by creating an OAuth client and configuring it in sso-settings.json file. I find this help page the most useful.
  4. You'd need to register an OAuth client, i.e. obtain a pair of client ID + client secret values.
  5. Enable debug logs for Security and Authentication loggers -- this is where you'll find most of the information about issues as you do trial and error.
  6. No. The only thing you can do is configure a username as an alias for Administrator in your sso-settings.json. This way, when you login as this "normal" user via SSO, you become Administrator and can access Composer, even if you don't have anything else configured, or if your config is broken.

/ Constantine

4 replies

Rocko
Rocko19-Tanzanite
19-Tanzanite
November 24, 2025

Can't help on this specific situation, but the two main documents to read first are those:

https://support.ptc.com/help/thingworx/platform/r10.0/en/#page/ThingWorx/Help/Composer/Security/SSO/SingleSignOnAuthentication.html#wwID0EGIKS

https://support.ptc.com/help/identity_and_access_management/en/#page/iam/Welcome.html

 

 

    C
    Constantine18-OpalAnswer
    18-Opal
    November 27, 2025

    Hello,

     

    I don't have experience with OCI, but will try to answer some of your questions nevertheless:

     

    1. Likely there are no extra requirements, compared to any other environments. Just to make it clear -- even though ThingWorx documentation speaks about Microsoft Entrata ID and PingFederate, the platform supports any compliant OAuth or SAML implementation.
    2. All three should work. I'd start with OIDC if I were you.
    3. I'm not aware of that. I usually start by creating an OAuth client and configuring it in sso-settings.json file. I find this help page the most useful.
    4. You'd need to register an OAuth client, i.e. obtain a pair of client ID + client secret values.
    5. Enable debug logs for Security and Authentication loggers -- this is where you'll find most of the information about issues as you do trial and error.
    6. No. The only thing you can do is configure a username as an alias for Administrator in your sso-settings.json. This way, when you login as this "normal" user via SSO, you become Administrator and can access Composer, even if you don't have anything else configured, or if your config is broken.

    / Constantine

      V
      vnamboodheriCommunity Manager
      Community Manager
      December 1, 2025

      Hello @IS_11420788


      It looks like you have some responses from some community members. If any of these replies helped you solve your question please mark the appropriate reply as the Accepted Solution. 

      Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.

      Thanks,
      Vivek N.
      Community Moderation Team.

      S
      slangleyCommunity Manager
      Community Manager
      December 5, 2025

      Hi @IS_11420788 

       

      Please let us know if either of the previous responses helped to answer your questions.  If you're running into issues, providing the errors/logs would be helpful for troubleshooting.

       

      Regards.

       

      --Sharon

      Terms & ConditionsCookie settingsAccessibility statement