Streamlined login
As an IBM® Maximo® Application Suite administrator, configure the properties that control the streamlined login experience for your users.
In the Suite
custom resource (CR), the
spec.sso.defaultIDP
and spec.sso.seamlessLogin
properties control the streamlined login experience in Maximo Application Suite.
You can enable the seamless login experience in the Maximo Application Suite. In the Suite administration page, click Users and then click the Authentication tab. In the Default login behavior section, enable seamless login for SAML authentication.
Dedicated login pages for identity providers
When a user accesses a Maximo Application Suite protected page, and if the user is not authenticated, the user is redirected to the default login page. The default login page requests user credentials and also has other login options, such as LDAP and SAML if these options are configured in Maximo Application Suite. However, a user can access specific endpoints that take them directly to a version of the login page that is configured with an identity provider option without other login options. The main format of the dedicated login pages for identity providers is https://auth.<masdomain>/idplogin/loginpage<query parameters>. For SAML dedicated login pages, no credentials are required for Maximo Application Suite, so the user is automatically redirected to the dedicated login page for the identity provider.
default
and seamless
instead of using a SAML dedicated login
page.- Required query parameters
- You can pass only the
&idp=<idp type>:<idp id>
query parameter to the dedicated login page endpoint. For local authentication, the<idp id>
cannot be included, and the query parameter is&idp=local
. For LDAP and SAML identity providers, the type and ID are needed. For example, for LDAP, the query parameter is&idp=ldap:default-ldap
, where theIDP ID
isdefault-ldap
. For SAML, the query parameter is&idp=saml:default-saml
, where the identity provider ID isdefault-saml
. After the user logs in, they are redirected to the Maximo Application Suite home page by default, unless the user appends optional query parameters to the dedicated login endpoint. - Optional query parameters
- Optional query parameters can be added to the dedicated login endpoint to
control which application the user is redirected to after login. To redirect to a specific
application page, both workspace ID
&wsid=<workspace id>
and application ID&appid=<application id>
need to be provided. For example, if a user logs in using the SAML integration and lands on the IBM Maximo Manage application page that uses workspacemasdev
, which assumes that the user has access to the page, then the dedicated login page URL is https://auth.<masdomain>/idplogin/loginpage?idp=saml:default-saml&wsid=masdev&appid=manage. A user can also use theapppath=<app path>
query parameter so that a user can land on a specific application page path after login.