Linking the OIDC account to an IBM Sterling Order Management System user

After logging into Sterling Order Management System for the first time by using OIDC credentials, you must link the OIDC account to your Sterling Order Management System user email ID.

Throughout this topic, the following naming conventions are used when referring to user IDs:
  • OIDC account – OIDC account of the user.
  • OMS user ID – User ID defined in Sterling Order Management System for the user. This user ID determines the permissions that a user has in the Sterling Order Management System applications.

Guidelines for using an OIDC account in IBM Sterling Order Management System

  • If the user who has admin privileges and is associated with an OIDC account is no longer available, you must create a new user with admin privileges by using REST API calls.
  • Ensure that there is a unique mapping between OIDC users and OMS users. A single OIDC account cannot be associated with multiple users.
  • To remove the association between the OIDC account and the Sterling Order Management System user, you must remove the user from Sterling Order Management System by either using the Applications Manager UI or calling the deleteUserHierarchy API.
  • Ensure that the authentication type is set to BASIC for the HTTP REST XAPI Tester. For more information about how to set up the HTTP REST XAPI Tester, see Setting up HTTP REST XAPI Tester.

Linking an OMS user with an OIDC account

You must provide an email ID for any new users that you create in Sterling Order Management System. This email ID is used to link the OMS user with an OIDC account. Therefore, the email ID that is used when creating an OMS user and an OIDC account must be the same. You can create a user in Sterling Order Management System by either using the Applications Manager UI or calling the createUserHierarchy API.

The following text demonstrates the sample input XML for the createUserHierarchy API:
<User Localecode="en_US_EST" Username="user1" Loginid="user1" Password="password">
  <ContactPersonInfo EMailID="abc@xyz.com"/>
</User>
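The following audit is an added example, not IBM's code. It checks OMS user records for the two conditions this topic requires before OIDC linking: every user has an email ID, and no email ID would map one OIDC account to multiple OMS users. The `<Users>` wrapper, the sample records, the function name, and the case-folding of addresses are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: User elements in the createUserHierarchy input shape shown above.
# The <Users> wrapper is an assumption used only to hold several records for the audit.
SAMPLE_USERS = """<Users>
  <User Loginid="user1" Username="user1"><ContactPersonInfo EMailID="abc@xyz.com"/></User>
  <User Loginid="user2" Username="user2"><ContactPersonInfo EMailID="ABC@xyz.com"/></User>
  <User Loginid="user3" Username="user3"><ContactPersonInfo EMailID="ops@xyz.com"/></User>
  <User Loginid="user4" Username="user4"/>
</Users>"""


def audit_email_links(users_xml, oidc_emails):
    """Return findings that would break a one-to-one OIDC-to-OMS link."""
    by_email = defaultdict(list)
    missing = []
    # Parse only exports you trust; use a hardened parser such as defusedxml otherwise.
    for user in ET.fromstring(users_xml).iter("User"):
        login = user.get("Loginid")
        contact = user.find("ContactPersonInfo")
        email = (contact.get("EMailID") if contact is not None else "") or ""
        email = email.strip()
        if not email:
            missing.append(login)  # no email ID, so nothing to link on
        else:
            # Assumption: fold case so near-identical addresses are flagged for review.
            by_email[email.lower()].append(login)
    shared = {e: ids for e, ids in by_email.items() if len(ids) > 1}
    wanted = {e.strip().lower() for e in oidc_emails}
    return {
        "missing_email": missing,
        "shared_email": shared,
        "oidc_without_oms_user": sorted(wanted - set(by_email)),
    }


if __name__ == "__main__":
    # Constructed list of OIDC account emails to reconcile against the OMS users.
    report = audit_email_links(SAMPLE_USERS, ["abc@xyz.com", "new.hire@xyz.com"])
    for finding, detail in report.items():
        print(finding, detail)
```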

Login flow after an OIDC account is linked to an IBM Sterling Order Management System user

  1. User accesses the Sterling Order Management System application home page.
  2. User is redirected to the login page.
  3. User enters the OIDC account login credentials.
  4. If the login is successful, the user is logged in to the Sterling Order Management System application as the mapped OMS user ID.
    Important: If the user uses an OIDC login that is not linked to any OMS user, the system displays the Sterling Order Management System application login screen. The user must then enter OMS user credentials to log in to the Sterling Order Management System application. On any subsequent login, the user is automatically logged in to the application's home page.

The following image shows the login flow when an OIDC account is linked to a Sterling Order Management System user:

Figure 1. Login flow when an OIDC account is linked to an IBM Order Management user
