Single Sign On (SSO) for Windchill PLM

IDEA

Single Sign-On for Windchill PLM provides simplified access using Integrated Windows Authentication and SAML based web browser exchanges. It is First to Market to integrate PingFederate WS-Federation with Windchill PLM. Single Sign-On provides highly secure user authentication with seamless switch between different applications and reduced IT administration costs.

		CLIENT
		It is diversified health and Well-being Company, focused on improving people’s lives through meaningful innovation in the areas of Healthcare, Consumer Lifestyle and Lighting. It is listed in Fortune 500 company which sales and services in more than 100 countries
		BUSINESS SITUATION
		Client wanted to standardize on authentication to applications using industry standards for achieving single sign on (SSO) for Windchill PLM. This included building a federation capability and removal of usage/storage of user names and passwords in Windchill.
		HOW WE HELPED
		The highlights of this solution being, ·         Recommended Shibboleth as SAML based middleware between Apache and PingFederate since Windchill uses Apache for the authentication. ·         Configured PingFederate 7.1.3 as Identity Provider (IdP) and Shibboleth as Service Provider (SP). ·         Shibboleth-Apache integration for Windchill PLM authentication. ·         Arcot AOK integration for internet based user authentication requests. ·         Form based authentication for non-person user IDs especially since the required solution was Integrated Windows Authentication. ·         Advanced Configurations for specific Windchill modules :         PTC Workgroup Manager         Windchill Product Analytics.         Desktop Integration(DTI)         PTC System Monitor ·         Developed a solution for integration of IBM Cognos and Windchill PLM with Amazon Cloud, SSL, SSO, and Reverse Proxy. ·         Deployed SSO Solution on reverse proxy Apache for bi-layered security. ·         Corporate LDAP integration for additional enterprise-wide user attributes like Digital Signatures for Change Tasks.
		BUSINESS IMPACT
		PTC's Windchill PLM SSO Solution resulted in various key benefits such as: First to Market - Windchill PLM SSO Solution team delivered challenging goal of client to integrate PTC’s Windchill PLM enterprise application with Ping Federate using Shibboleth SAML-based Middleware. Productivity Boost - We helped client users to move between services securely and uninterrupted without specifying their credentials each time. Having to remember and key-in only one password significantly cuts down login time and reduces the chances of a failed login. Thus, SSO can enable users to buckle down to work right away. Secured Windchill over Internet - The users’ credentials are provided directly to the central SSO server, not the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service.  The central authentication point – Implemented SSO service – limits the possibility of phishing. Windchill Administration Cost Reduction - Windchill administrators can save their time and resources by utilizing the central web access management service. Also SSO will allow users to remember just one password, reduce the chances of forgotten passwords, and consequently bring down Help Desk costs. Disclosure: I’m responsible for Infrastructure Solutions as service.