Configuring a SAML-based SSO services in MaaS360 for existing customers

You can reconfigure the SAML-based single sign-on (SSO) configuration for existing users.

About this task

The SAML-based SSO configuration is upgraded for the user authentication in IBM MaaS360. The existing Pingone users must reconfigure the settings to avoid losing access to SAML-based SSO services. In the IBM MaaS360 home page, a pop-up message is displayed to reconfigure the SAML-based SSO configuration.

Follow the steps to configure a SAML-based SSO configuration.

Procedure

  1. In the IBM® MaaS360® Portal, go to Setup > Settings > Administrator Settings > Advanced. Go to Login Settings and select Configure Federated Single Sign-On.
  2. The user must click Reconfigure tab to proceed with the configuration.
  3. On the Reconfigure SAML SSO configuration page, enter the IBM ID to create a IBM Security Verify Tenant. If you do not have an IBM ID, you must create one using the Sign up for an IBM ID link.
  4. After you enter the IBM ID and select Next, the IBM Verify tenant is created which serves as the Service Provider for your MaaS360 tenant.
  5. On the Identity details page,
    • If your user directory is IBM Verify, then select the IBM Verify is the source of User Directory checkbox.
    • If your user directory is not IBM Verify, then follow the steps.
      1. Enter the Identity Provider Name. The Identity provider name is displayed in the IBM Verify authentication reports.
      2. In the Identity Provider Metadata tab, browse and select the Federation Metadata XML that is downloaded from Identity Provider. The supported file type is .XML.
      3. Make a note of the Assertion Costumer Service URL, and Entity ID to configure the Identity provider and then test authentication.
  6. The Custom Login URL is what the administrators use to login to the IBM MaaS360 Portal after the SAML integration is completed.
  7. Click Next which saves the configuration.
  8. On the Overwrite configuration page, the user must test the configuration before enabling the configuration settings.
    Follow the steps to test the configuration.
    • Go to test Custom Login URL for administrators and the identity details page is displayed.
    • Enter the Identity provider name and click Next to save the configuration.
    Important: Make sure to test the configuration before you overwrite the configuration.
  9. Select Overwrite old configuration and click Submit.
    Turning on this option replaces the old configuration with the new configuration.

Results

The old configuration is successfully replaced with the new configuration.