By configuring SAML user authentication with Maximo® Application Suite, you
integrate Maximo Application Suite as a service provider (SP) with your
organization's SAML Identity Provider (IdP).
About this task
Your Maximo Application Suite server acts as a service provider for the SAML
identity provider (IdP). You need to provide a preferred service provider name and select a name
identifier format, or you can use the default values. The information is written to a service
provider metadata file that you use to configure your SAML identity provider (IdP).
Starting in Maximo Application Suite 9.0, you can enable
initiated logout for the SAML service provider so that current user sessions are logged out before
another user logs in with the same credentials.
Procedure
1. In the Suite administration page, select Configurations from the side navigation menu and
   then click SAML authentication.
2. Create SAML service provider information.
   a. Specify the display name.
   b. Specify your preferred service provider name that is used to register the Maximo
      Application Suite service provider.
   c. Select a name identifier format that is used with the SAML server.
   d. To enforce the logout of a user from the SAML service provider before another user logs in
      with the same credentials, select Enable initiated logout.
      Note: When you configure your SAML IdP, you must also select the option to initiate single
      logout that is described in step 3b.
   e. Generate the metadata file and then download the file, which you use to configure your
      SAML identity provider.
      If you change the service provider name or the user identifier format after the initial
      configuration, you must save and generate the Service provider metadata file to register
      the changes with your SAML provider.
3. Register with the SAML identity provider.
   a. In your IdP, configure your SAML IdP to recognize Maximo Application Suite.
      You can upload the metadata file to your SAML IdP or use the contents to configure the
      SAML IdP to recognize Maximo Application Suite requests.
   b. Enable the option to initiate single logout with Maximo Application Suite and add the
      single logout URL.
      The single logout URL is the single logout service in the metadata file. For example,
      https://auth.<domain>/ibm/saml20/<saml_name>/slo.
   c. After you configure your SAML IdP, download the SAML IdP metadata XML file to import it
      into Maximo Application Suite.
4. To complete the SAML configuration with Maximo Application Suite, in the SAML authentication
   page, upload the SAML IdP metadata XML file.
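
Before you register the downloaded service provider metadata file with your IdP, you can check that it lists the single logout service and the name identifier format that this procedure relies on. The following Python check is an added example, not IBM code: the metadata sample, the `mas.example.com` host, and the `sample_sp` name are constructed, and `check_sp_metadata` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample shaped like SAML 2.0 SP metadata; not a real export.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.mas.example.com/ibm/saml20/sample_sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.mas.example.com/ibm/saml20/sample_sp/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.mas.example.com/ibm/saml20/sample_sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, idp_name_id_format, logout_enabled=True):
    """Return (summary, problems) for a service provider metadata document.

    Intended for the file you downloaded yourself; do not feed it untrusted XML.
    """
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return {}, ["no SPSSODescriptor: not service provider metadata"]
    slo = [e.get("Location", "") for e in sp.findall("md:SingleLogoutService", NS)]
    acs = [e.get("Location", "") for e in sp.findall("md:AssertionConsumerService", NS)]
    formats = [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)]
    problems = []
    # With initiated logout enabled, the IdP needs a single logout URL to call.
    if logout_enabled and not slo:
        problems.append("initiated logout is enabled but no SingleLogoutService is listed")
    # SAML messages carry identity data; every endpoint should be reached over TLS.
    for url in slo + acs:
        if urlparse(url).scheme != "https":
            problems.append(f"endpoint is not https: {url}")
    # The format the IdP sends must be one that the service provider advertises.
    if idp_name_id_format not in formats:
        problems.append(f"IdP NameID format {idp_name_id_format} is not offered by the SP")
    summary = {"entity_id": root.get("entityID"), "slo": slo, "acs": acs, "formats": formats}
    return summary, problems
```

An empty problem list means that the values in `summary["slo"]` are the single logout URLs to enter at the IdP.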