Streamlined login

As an IBM® Maximo® Application Suite administrator, configure the properties that control the streamlined login experience for your users.

In the Suite custom resource (CR), the spec.sso.defaultIDP and spec.sso.seamlessLogin properties control the streamlined login experience in Maximo Application Suite.

You can enable the seamless login experience in Maximo Application Suite. On the Suite administration page, click Users and then click the Authentication tab. In the Default login behavior section, enable seamless login for SAML authentication.

Dedicated login pages for identity providers

When an unauthenticated user accesses a protected Maximo Application Suite page, the user is redirected to the default login page. The default login page requests user credentials and also offers other login options, such as LDAP and SAML, if these options are configured in Maximo Application Suite. However, a user can access specific endpoints that lead directly to a version of the login page that is configured with a single identity provider option and no other login options. The main format of the dedicated login pages for identity providers is https://auth.<masdomain>/idplogin/loginpage<query parameters>. For SAML dedicated login pages, no credentials are required for Maximo Application Suite, so the user is automatically redirected to the dedicated login page for the identity provider.

Important: A dedicated login page must not be used by default. It is an alternative mechanism to access Maximo Application Suite without going to the default login page. For example, for SAML seamless integration, you must set SAML as default and seamless instead of using a SAML dedicated login page.

Required query parameters

You can pass only the &idp=<idp type>:<idp id> query parameter to the dedicated login page endpoint. For local authentication, the <idp id> cannot be included, and the query parameter is &idp=local. For LDAP and SAML identity providers, both the type and the ID are needed. For example, for LDAP, the query parameter is &idp=ldap:default-ldap, where the identity provider ID is default-ldap. For SAML, the query parameter is &idp=saml:default-saml, where the identity provider ID is default-saml. After the user logs in, they are redirected to the Maximo Application Suite home page by default, unless the user appends optional query parameters to the dedicated login endpoint.

Optional query parameters

Optional query parameters can be added to the dedicated login endpoint to control which application the user is redirected to after login. To redirect to a specific application page, both the workspace ID, &wsid=<workspace id>, and the application ID, &appid=<application id>, must be provided. For example, for a user who logs in by using the SAML integration and lands on the IBM Maximo Manage application page in workspace masdev, assuming that the user has access to the page, the dedicated login page URL is https://auth.<masdomain>/idplogin/loginpage?idp=saml:default-saml&wsid=masdev&appid=manage. A user can also add the apppath=<app path> query parameter to land on a specific application page path after login.
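
The following Python check is an added example, not IBM code. It validates dedicated login links (for instance, links published in a portal or bookmark list) against the query parameter rules described above. The function name, the mas.example.com domain, and the policy of rejecting parameters or identity provider types other than those named on this page are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

LOGIN_PATH = "/idplogin/loginpage"        # endpoint path given on this page
IDP_TYPES_WITH_ID = {"ldap", "saml"}      # types that need <idp type>:<idp id>
# Assumption: only the four parameters named on this page are accepted.
ALLOWED_PARAMS = {"idp", "wsid", "appid", "apppath"}

def check_login_link(url, mas_domain):
    """Return a list of problems in a dedicated login link (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.hostname != f"auth.{mas_domain}":
        problems.append("host must be auth.<masdomain>")
    if parts.path != LOGIN_PATH:
        problems.append("path must be " + LOGIN_PATH)

    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        if name not in ALLOWED_PARAMS:
            problems.append(f"unexpected parameter: {name}")
        if len(values) > 1:
            problems.append(f"parameter repeated: {name}")

    # idp is required: "local" alone, or "<type>:<id>" for LDAP and SAML.
    idp = params.get("idp", [""])[0]
    idp_type, sep, idp_id = idp.partition(":")
    if not idp:
        problems.append("idp is required")
    elif idp_type == "local":
        if sep:
            problems.append("idp=local takes no id")
    elif idp_type in IDP_TYPES_WITH_ID:
        if not idp_id:
            problems.append(f"idp={idp_type} needs an id")
    else:
        problems.append(f"unknown idp type: {idp_type}")

    # Redirecting to an application page needs both wsid and appid.
    if ("wsid" in params) != ("appid" in params):
        problems.append("wsid and appid must be given together")
    return problems

if __name__ == "__main__":
    base = "https://auth.mas.example.com/idplogin/loginpage"  # constructed sample
    for query in ("?idp=saml:default-saml&wsid=masdev&appid=manage", "?idp=ldap&wsid=masdev"):
        print(query, "->", check_login_link(base + query, "mas.example.com") or "OK")
```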