Local administrator login settings for Federated Single Sign-on

When you configure the Federated Single Sign-on option from the Advanced Administrator settings, MaaS360® allows existing local administrator accounts to continue to log in to the MaaS360 Portal using their existing credentials. These existing administrator accounts are not deactivated unless an administrator manually initiates the Deactivate action on these accounts.

In the Configure Federated Single Sign-on section, the option Allow existing Administrators to use portal credentials as well was removed. This change applies to both Use SAML for Single Sign-on and Authenticate against Corporate User Directory single sign-on settings. These changes are in affect for any customer account that was created after the 10.78 release, and also for existing customers.

New MaaS360 customer accounts created after the 10.78 release

  1. From the MaaS360 Portal, select Setup > Settings > Administrator Settings > Advanced.
  2. Configure the Federated Single Sign-on login settings using the SAML for Single Sign-on and Authenticate against Corporate User Directory methods.
Viewing the SAML for Single Sign-on screen
Admin SAML SSO
Viewing the Corporate User Directory authentication screen
Admin Corporate Directory SSO

In both cases, the existing portal administrator accounts can log in to the MaaS360 Portal using their existing portal login credentials. If you want to deactivate existing administrator accounts with MaaS360 local credentials, use the Deactivate option from the administrator settings listed at Viewing and configuring portal administration details in the IBM MaaS360 Portal. Select the administrator account, and then click Deactivate.

Note:
  • The Authentication Type column displays the user authentication type, which helps to identify the MaaS360 local credential administrator accounts.
  • You cannot deactivate an administrator who is assigned with a Primary administrator role.
    Admin deactivate account
Adding an administrator account

After you enable Federated Single Sign-on for administrators, you can create the following new administrator accounts:

  • For a SAML account, you can add administrators with a corporate username that matches the AD credentials. For more information, see Adding a portal administrator account.
  • For the corporate user directory account, you can add administrators with a corporate username that matches the AD credentials. You can also choose the auto-provision setting to create administrator accounts when the administrator first logs in to the MaaS360 Portal with their AD credentials. For more information, see Auto-provisioning setting for portal administrator accounts.

MaaS360 customer accounts created prior to the 10.78 release

For customer accounts that were created prior to the 10.78 release, administrators can continue to configure Federated Single Sign-on using either SAML for single sign-on or the corporate user directory. However, the Allow existing Administrators to use portal credentials as well option is no longer displayed in the portal. If you enabled or disabled this option prior to 10.78, the setting still allows or does not allow local administrators to log in to the MaaS360 Portal using their MaaS360 local credentials. You can also continue to add new administrator accounts as documented in the Adding an administrator account section.