LDAP user import fails with 'invalid attribute' error during SSO configuration

We are setting up SSO integration with our corporate Active Directory in ThingWorx 9.7. The LDAP user import fails with the error ‘invalid attribute: departmentNumber’. Our AD schema uses custom attributes for department tracking that don’t match ThingWorx’s default LDAP attribute mappings.

We’ve configured the LDAP authenticator with standard mappings, but validation fails during import. About 200 users need to be imported for the initial rollout.


ldap.userSearchFilter=(objectClass=person)
ldap.attributeMap.email=mail
ldap.attributeMap.department=departmentNumber

How do we properly map custom LDAP attributes to ThingWorx user properties? We also need to ensure SSO authentication works correctly after import and that user validation happens during the import process to catch attribute issues early.

Check your LDAP authenticator configuration in ThingWorx. You need to explicitly define attribute mappings in the authenticator settings, not just in property files. Navigate to Security > Authenticators, edit your LDAP authenticator, and configure the attribute mapping section. Map only attributes that exist in your AD schema. If departmentNumber doesn’t exist, either remove that mapping or map it to an attribute that does exist like ‘ou’ or ‘company’.

We confirmed departmentNumber doesn’t exist in our schema. We have ‘department’ and ‘company’ attributes. How do we update the mapping configuration properly? And what about SSO - do we need separate configuration for that?

For user import validation, implement a test import first with a small group (10-20 users). ThingWorx has a test connection feature in the authenticator config. Use that to validate your LDAP query and attribute mappings before attempting full import. This catches schema mismatches early.
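
The pre-import check discussed in this thread, as an added example that is not from any poster or from ThingWorx: it parses the `ldap.attributeMap.*` lines from the question and flags mappings whose LDAP attribute is missing from a small sample of directory entries. The sample entries, DNs and function names are constructed for illustration; in practice the entries would come from an LDAP search against the test group.

```python
# Added example: pre-flight check of ldap.attributeMap.* against sample entries.
PREFIX = "ldap.attributeMap."

def parse_attribute_map(properties_text):
    """Return {thingworx_property: ldap_attribute} from ldap.attributeMap.* lines."""
    mapping = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        if key.strip().startswith(PREFIX):
            mapping[key.strip()[len(PREFIX):]] = value.strip()
    return mapping

def validate_mapping(mapping, entries):
    """Classify each mapped attribute as ok, partial or absent on the sample.

    LDAP attribute names are case-insensitive, so names are compared lower-cased.
    """
    report = {}
    for prop, attr in mapping.items():
        missing = [e["dn"] for e in entries
                   if attr.lower() not in {k.lower() for k in e["attributes"]}]
        if len(missing) == len(entries):
            status = "absent"   # no sampled user has it: likely not in the schema
        elif missing:
            status = "partial"  # exists, but some users would import without a value
        else:
            status = "ok"
        report[prop] = {"attribute": attr, "status": status, "missing_on": missing}
    return report

# The three property lines from the question.
CONFIG = """ldap.userSearchFilter=(objectClass=person)
ldap.attributeMap.email=mail
ldap.attributeMap.department=departmentNumber
"""

# Constructed sample entries standing in for a small test group.
SAMPLE_ENTRIES = [
    {"dn": "CN=alice,OU=Users,DC=example,DC=com",
     "attributes": {"Mail": "alice@example.com", "department": "R&D", "company": "Example"}},
    {"dn": "CN=bob,OU=Users,DC=example,DC=com",
     "attributes": {"mail": "bob@example.com", "company": "Example"}},
    {"dn": "CN=carol,OU=Users,DC=example,DC=com",
     "attributes": {"mail": "carol@example.com", "department": "Ops"}},
]

if __name__ == "__main__":
    for prop, r in validate_mapping(parse_attribute_map(CONFIG), SAMPLE_ENTRIES).items():
        print(f"{prop} -> {r['attribute']}: {r['status']} {r['missing_on']}")
```

A "partial" result matters as much as "absent": the attribute exists in the schema, but the listed users would be imported with that property empty.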