Skip to main content
avillanueva
23-Emerald I
avillanueva23-Emerald I
23-Emerald I
November 2, 2022
Question

Users disappearing from groups in Navigate

  • November 2, 2022
  • 1 reply
  • 2016 views

I cannot verify exactly but have seen enough cases where I thought I might task field. We have some custom apps in Navigate controlled by a group. If your in the group, you get access. Randomly, users report that they cannot see the custom app tiles like they used to. Sure enough, I check and they are not in the group. Simple, you add them to the group and move on.  

 

Except, I've seen a handful of these cases and was almost certain that these folks were there before. Has anyone see this or know the cause? Running 8.5.3. I guess I can make an export of the group and see if it changes in future to prove that they were there before and not now. Very strange.

1 reply

T
ThorstenMueller13-Aquamarine
13-Aquamarine
November 3, 2022

Do you have SSO configured? If you are using an SSO Authenticator and a mapping of the group attribute.
Like in this example?

ThorstenMueller_0-1667462189845.png
If the user doesn't have the appropriate group listed in their group "attribute" (in the SAML assertion) the user will get removed from the appropriate group.
One other idea that might also affect user priviledges and groups is users in ThingWorx are case sensitive.
Depending on your authentication method it could be that a user is authorized correctly even if they sometimes write their name in different captialization (e.g. Username vs. username) - ThingWorx would create two separate users in this case with different access rights.

 

avillanueva
23-Emerald I
avillanueva23-Emerald IAuthor
23-Emerald I
November 3, 2022

Not using SSO here. This are local thingworx groups. I've manually added them in Composer. Not an issue with user login though I know that issue well.  When I checked group, they were not there.

B
barko16-Pearl
16-Pearl
December 6, 2022

Thorsten relayed the most common cause of this issue, but it is associated with the ThingworxSSOAuthenticator which is only active when EnableSSO is set to true in platform-settings.json.. ThingworxSSOAuthenticator will reset users group memberships to match those in the LDAP Directory Service if the User Modification Enabled box is checked. That also means that they will be removed from any TWX group that does not also occur in the Directory Service.

 

What authentication type have you configured? With Navigate, the choices are Fixed Authentication, Windchill Authentication, and PingFederate SSO.

Terms & ConditionsCookie settingsAccessibility statement