Configuring default identity providers

Starting in Maximo® Application Suite 8.11, if you configure more than one identity provider, such as LDAP or SAML, you can specify which identity provider is the primary login option for users by updating authentication options on the Suite administration page. Alternatively, you can update the custom resource file in Red Hat® OpenShift® Container Platform.

About this task

You can select one of the following values to set a default identity provider:
  • Local
  • default-saml
  • default-ldap
If you specify SAML as the default identity provider, you can enable seamless login so that users authenticate to Maximo Application Suite by using the login page that uses the SAML identity provider.
Attention: If you enable seamless login, then the Maximo Application Suite login page is not shown. If you need to display a security message to comply with federal regulations, ensure that seamless login is disabled. Otherwise, users do not see any system notification that might be shown on the Maximo Application Suite login page. For more information, see Enabling login notification.

Procedure

  1. To configure a default identity provider in the user interface, specify the identity provider on the Authentication page.
    1. On the Suite administration page, select Users from the side navigation menu and then select the Authentication tab.
    2. In the Default login section, select the default identity provider from the list.
    3. To enable seamless login for users to authenticate to Maximo Application Suite by using login page that uses the SAML identity provider, select the Enable check box.
    4. Save your changes.
  2. Maximo Application Suite
Customer-managedTo configure a default identity provider in the custom resource file, specify the identity provider for the defaultIDP.
    1. In the Red Hat OpenShift Container Platform console, from the side navigation menu, in the Administration section, select CustomResourceDefinitions.
    2. In the CustomResourcesDefinitions window, select the Suite CR file.
    3. On the Instances tab, select the instance that you want to update.
    4. On the YAML tab, change the value for spec.settings.sso.defaultIDP to either local, default-saml, or default-ldap.
    5. To enable seamless login for users to authenticate to Maximo Application Suite by using the login page that uses the SAML identity provider, change the seamlessLogin to true.

Results

When multiple identity providers are configured, users have multiple options to choose from when they log in to Maximo Application Suite where the default identity provider is set as the primary login option.