Introduction

Enterprise Federation (EF) is an authentication model that allows an enterprise's IdP (Identity Provider) to authenticate users using their corporate credentials instead of IBMid credentials. You can use Enterprise Federation to authenticate users to any IBM products leveraging IBMid login. For detailed information on IBM products, please click here via IBM Products website.

First and foremost, EF is a companywide impact. EF SSO enablement will impact ALL IBM Products SSO authentication leveraging IBMid login, that way a user requires to enter one set of credentials when accessing other IBM Products using their IBMid. Additionally, EF supports only Security Assertion Markup Language 2.0 (SAML 2.0). Both IdP-initiated and SP-initiated flows (redirect-POST) are supported. Transient and persistent name identifier types are not supported. For additional information, please see: Technical Requirements page.

Companies may be used to creating federated identity relationships with specific applications offered by other service providers, however that is not the case with Enterprise Federation (EF). EF supports login to a wide range of IBM applications. Just because a user can login with their IBMid to access a particular IBM application, does not necessary guarantee the user can also access other IBM applications. Access to a specific IBM application (entitlement) is controlled by the IBM application itself so it is not necessary for identity providers configured with EF to control access to specific IBM applications. Controlling individual IBM application access at the identity provider is a minimally effective security control and as a practical matter requires significantly more administrative overhead to maintain. For detailed information, please see our User Experience page.

To onboard your company with Enterprise Federation, please open a case here via ibm.com/mysupport portal and select the product option: IBMid Enterprise Federation from the drop-down. You will be provided with an IBM Support case number and an Enterprise Federation (EF) Specialist will reach out to you with the next steps. Please allow for 3-5 business days to receive a response to your IBM Support case. Additionally, the EF Specialist will require all the information in the Onboarding page filled out in the IBM Support case.