Configuring a SAML Single Sign-on services in MaaS360
MaaS360 uses IBM® Security Verify to provide SAML-based authentication for users. The SAML configuration enables administrators who are logging in to multiple services to log in one time and not worry about entering a password multiple times.
About this task
MaaS360 uses IBM Verify as a Service Provider to seamlessly integrate MaaS360 with your Identify Provider (IdP). An IBM Verify tenant must be linked to MaaS360 to enable SAML authentication through IBM Verify.
Important: The SAML-based SSO configuration is upgraded for user authentication in
MaaS360. The existing Pingone users must reconfigure the settings to avoid losing access to SAML
single sign-on services. In the IBM MaaS360 home page, a pop up message is
displayed to reconfigure the SAML-based SSO configuration.
Follow these steps to configure a SAML-based SSO configuration.
Procedure
- In the MaaS360 portal, go to . Go to Login Settings and select Configure Federated Single Sign-On.
- Select Use SAML for Single Sign-On.
- On the Configure SAML SSO configuration page, enter the IBM ID to create a IBM Verify Tenant. If you do not have an IBM ID, you must create one using this link: Sign up for an IBM ID.
- After you enter the IBM ID and select Next, the IBM Verify tenant is created which serves as the Service Provider for your MaaS360 tenant.
- On the Identity details page, enter the Identity Provider Name. The Identity provider name is displayed in the IBM Verify authentication reports.
- In the Identity Provider Metadata tab, browse and select the
Federation Metadata XML downloaded from Identity Provider. The supported file
type is .XML. Make note of the Assertion Costumer Service URL, and Entity ID to configure the Identity provider and then test authentication. The Custom Login URL is what the administrators use to login to the MaaS360 portal after the SAML integration is completed.
- Click Submit.
Results
The SAML SSO configuration is successfully enabled.