Skip to main content
A
Alex198813-Aquamarine
13-Aquamarine
May 8, 2025
Solved

Windchill PDM Link SSO solutions

  • May 8, 2025
  • 3 replies
  • 1135 views

We are looking into implementing SSO for our customer.

Initially we wanted to go with the simpler implementation using Shibboleth As SP and Microsoft Entra as IP.

 

What other solutions would there be with and would be the complexity level of their implementation?

Best answer by Alex1988

We did a simple implementation with Shibboleth and without pingFederate as in scenario 2 using the basic steps from PTC:

 

Security Assertion Markup Language (SAML) Authentication

3 replies

avillanueva
23-Emerald I
avillanueva23-Emerald I
23-Emerald I
May 8, 2025

What version of Windchill do they have? That might make a difference.

A
Alex198813-AquamarineAuthor
13-Aquamarine
May 30, 2025

We have Windchill PDM Link 13.0.2.4. At the moment we went with the simple PTC supported solution with Shibboleth and Microsoft Entra.

It seems to work fine during testing. We would need just to manage the Windchill users like wcadmin or other accounts created. 

P
plmcore14-Alexandrite
14-Alexandrite
May 30, 2025

Hi,

Are you using ProjectLink with external users? How you configured your workers for SSO as TrustedHost is not supported by PTC. If you can give some insight, that will be great

 

Best Regards

PR

J
Jimwang16-Pearl
16-Pearl
May 12, 2025

Take a look at the article https://www.ptc.com/en/support/article/CS314308

 

A
Alex198813-AquamarineAuthorAnswer
13-Aquamarine
February 23, 2026

We did a simple implementation with Shibboleth and without pingFederate as in scenario 2 using the basic steps from PTC:

 

Security Assertion Markup Language (SAML) Authentication

jbailey
jbailey18-Opal
18-Opal
February 25, 2026

If the version of Windchill is 13.0.2 or newer, I would consider OIDC vs SAML if using Entra, especially if they are looking to add OAuth down the road to other tools. If you are using SAML with Entra and need OAuth down the road - you need two Entra entities, one for SAML and one for OAuth. If you use the OIDC apache module (Included 13.0.2.x+) Entra will only need one entity for Windchill. It is a little detail, but minimizes the number of items a customer needs to manage in their Entra IdP. Configuration is straightforward and well documented (I implemented this as a customer before I joined PTC with ease). Additionally, it removes the need to install / maintain / secure additional software (Shibboleth).

 

 

Terms & ConditionsAccessibility statement