Single Sign On (SSO) and OpenID authentication

OpenID

Maximo® SaaS Flex and TRIRIGA® SaaS supports OpenID for authentication. This is done by leveraging OpenID Connect (OIDC) capabilities within IBM® WebSphere®. In this scenario, IBM is the relying party (RP) and the customer is the OpenID Provider (OP). For further information, see the following links:

WebSphere specific information:

https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.5/com.ibm.websphere.nd.multiplatform.doc/ae/csec_oiddesc.html

TRIRIGA specific information:

https://www.ibm.com/support/knowledgecenter/SSHEB3_3.7/com.ibm.tap.doc/sso_topics/m_sso_config_websphere_trad_azu_oidc.html

OAuth
OpenID Connect (OIDC) is a layer that sits on top of OAuth 2.0 that adds authentication, i.e. login. OAuth 2.0 is designed only for authorization, i.e. for granting access to data and features. The IBM SRE Team only support using these capabilities for authentication at this time, all authorization is still performed within the product via membership to security groups.