Configuring SAML authentication

By configuring SAML user authentication with Maximo® Application Suite, you integrate Maximo Application Suite as a service provider (SP) with your organization's SAML Identity Provider (IdP).

About this task

Your Maximo Application Suite server acts as a service provider for the SAML identity provider (IdP). You need to provide a preferred service provider name and select a name identifier format, or you can use the default values. The information is written to a service provider metadata file that you use to configure your SAML identity provider (IdP).

Starting in Maximo Application Suite 9.0, you can enable initiated logout for the SAML service provider so that current user sessions are logged out before another user logs in with the same credentials.

Procedure

  1. In the Suite administration page, select Configurations from the side navigation menu and then click SAML authentication.
  2. Create SAML service provider information.
    1. Specify the display name.
    2. Specify your preferred service provider name that is used to register the Maximo Application Suite service provider.
    3. Select a name identifier format that is used with the SAML server.
    4. To enforce the logout of a user from the SAML service provider before another user logs in with the same credentials, select Enable initiated logout.
      Note: When you configure your SAML IdP, you must also select the option to initiate single logout that is described in step 3b.
    5. Generate the metadata file and then download it. You use this file to configure the SAML identity provider.

    If you change the service provider name or the user identifier format after the initial configuration, you must save and generate the Service provider metadata file to register the changes with your SAML provider.

  3. Register with the SAML identity provider.
    1. Configure your SAML IdP to recognize Maximo Application Suite.
      You can upload the metadata file to your SAML IdP or use the contents to configure the SAML IdP to recognize Maximo Application Suite requests.
    2. Enable the option to initiate single logout with Maximo Application Suite and add the single logout URL.
      The single logout URL is the single logout service in the metadata file. For example, https://auth.<domain>/ibm/saml20/<saml_name>/slo.
    3. After you configure your SAML IdP, download the SAML IdP metadata XML file to import it into Maximo Application Suite.
  4. To complete the SAML configuration with Maximo Application Suite, in the SAML authentication page, upload the SAML IdP metadata XML file.
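
The following Python check is an added example, not IBM code. It reads a downloaded service provider metadata file, extracts the values that you register with the IdP (service provider name, name identifier format, single logout URL), and reports problems such as a missing single logout service when initiated logout is enabled. The sample XML, the example.com host, and the function names are constructed for illustration. The element names follow the standard SAML 2.0 metadata schema, and the check assumes that the single logout service appears in the metadata when initiated logout is enabled.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample shaped like SAML 2.0 SP metadata; not output from a real system.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.example.com/ibm/saml20/mas-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.example.com/ibm/saml20/mas-sp/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.example.com/ibm/saml20/mas-sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Pull out the values that must be registered with the IdP."""
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    return {
        "entity_id": root.get("entityID"),
        "name_id_formats": [e.text.strip() for e in sp.findall(MD + "NameIDFormat") if e.text],
        "slo_urls": [e.get("Location") for e in sp.findall(MD + "SingleLogoutService")],
        "acs_urls": [e.get("Location") for e in sp.findall(MD + "AssertionConsumerService")],
    }


def check_sp_metadata(xml_text, initiated_logout_enabled):
    """Return a list of problems to resolve before configuring the IdP."""
    info = summarize_sp_metadata(xml_text)
    problems = []
    if not info["entity_id"]:
        problems.append("missing entityID")
    if not info["name_id_formats"]:
        problems.append("no NameIDFormat declared")
    if initiated_logout_enabled and not info["slo_urls"]:
        problems.append("initiated logout enabled but no SingleLogoutService endpoint")
    for url in info["slo_urls"] + info["acs_urls"]:
        if urlparse(url or "").scheme != "https":
            problems.append(f"endpoint is not HTTPS: {url}")
    return problems
```

Run the same check again after you change the service provider name or the name identifier format and regenerate the metadata file, so that the values registered in the IdP match the current file.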