To answer your previous questions:
- Do I need to create 'Administrator' user in AD also? -> You can do that if you want to log in with user "Administrator". For this, see the link I shared from PTC in my previous comment. But this is very complicated and not needed, as you can just make your own user <TanmeyTWX> (which has a valid login at AzureAD) an administrator by putting him in the "Administrators" group.
- Do I need to bypass Microsoft AD authentication in case of Composer or Excluded users? How? -> Not possible, only SSO will work (or AppKey).
To clear up some things:
- If you activate SSO you cannot log in with a username+password defined for a ThingWorx user. You can ONLY log in via SSO. From SSO the username is taken and mapped to a ThingWorx user (with the same username).
- Any user who should have access to the Composer or Admin permissions needs to be in the correct UserGroups (e.g. "Administrators") which grant these permissions.
- Putting users in the "Excluded list" only says that ThingWorx will not change their user or the groups he belongs to. Still, the login is done via SSO.
- If SSO is active, as a user you can only log in via SSO - no other way. So the user to log in with needs to be in the correct UserGroups to have the needed permissions in ThingWorx.
Maybe this makes it more clear? Maybe there is also another link missing...