Enabling access for identity provider administration by using APIs

Note: In Maximo® Application Suite, customer-managed users can use the feature channel to update their nonproduction instances to preview new features. For more information, see What's new in the Maximo Application Suite feature channel for preview

You can enable user access for identity provider (IdP) management in nonproduction instances by using the IDP_ADMIN API.

About this task

A user with IdP management access can configure LDAP and SAML authentication, SMTP, and user registry synchronization. This user can also customize the user interface and manage certificates. IdP management access is a subset of system configuration with fewer access privileges. For example, this access type does not include the ability to deploy or activate applications or configure database connections.

Procedure

  1. Create an API key by using the REST API so that you can authenticate your Maximo Application Suite API requests.
  2. Enable IDP_ADMIN access for the user by issuing a POST request for the /v3/users API.
  3. Set up the access for local Identity Provider (IdP) by issuing a PUT request for the /v3/users/{userId}/idps/{idpId} API.

    The following example shows the payload for user creation, where the idpAdmin permission key is set to true and every broader administrative permission key is set to false:

    {
        "emails": [
            {
                "value": "test122@ibm.com",
                "type": "Work",
                "primary": true
            }
        ],
        "phoneNumbers": [],
        "addresses": [],
        "givenName": "",
        "familyName": "",
        "title": "",
        "displayName": "",
        "permissions": {
            "systemAdmin": false,
            "userAdmin": false,
            "apikeyAdmin": false,
            "idpAdmin": true
        },
        "entitlement": {
            "application": "NONE",
            "admin": "NONE",
            "alwaysReserveLicense": false
        },
        "username": "test122",
        "id": "test122",
        "owner": "local"
    }
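    The following script carries steps 2 and 3 through in code. It is an added example, not IBM code from this page or from Maximo Application Suite, and it makes these assumptions: step 1 is already done and the API key is sent in an apikey request header, the API is reachable at the base URL that you pass in, the local IdP has the id local, and the PUT body for the /v3/users/{userId}/idps/{idpId} call is a minimal {"id": "<username>"} object, which the page does not document, so check the API reference for the exact schema. Before it binds the IdP, the script verifies that the user that the server returns holds idpAdmin and none of the broader administrative permissions, so an accidental systemAdmin grant fails closed.

```python
"""Enable IDP_ADMIN for a local user through the Maximo Application Suite
user APIs. Added example, not IBM's code. Assumptions: an existing API key is
sent in the 'apikey' header, the local IdP id is 'local', and the PUT body for
the IdP binding is {"id": <username>} (not documented on the page)."""
import io
import json
import urllib.request
from typing import Any, Callable, Dict, Optional, Tuple

# Permission keys that appear in the page's user payload.
ADMIN_PERMISSIONS = ("systemAdmin", "userAdmin", "apikeyAdmin", "idpAdmin")


def build_idp_admin_user(username: str, email: str) -> Dict[str, Any]:
    """User-creation payload from the page: only idpAdmin is true."""
    return {
        "emails": [{"value": email, "type": "Work", "primary": True}],
        "phoneNumbers": [],
        "addresses": [],
        "givenName": "",
        "familyName": "",
        "title": "",
        "displayName": "",
        "permissions": {
            "systemAdmin": False,
            "userAdmin": False,
            "apikeyAdmin": False,
            "idpAdmin": True,
        },
        "entitlement": {
            "application": "NONE",
            "admin": "NONE",
            "alwaysReserveLicense": False,
        },
        "username": username,
        "id": username,
        "owner": "local",
    }


def is_least_privilege_idp_admin(user: Dict[str, Any]) -> bool:
    """True only when idpAdmin is set and no broader admin permission is."""
    perms = user.get("permissions", {})
    if perms.get("idpAdmin") is not True:
        return False
    return not any(perms.get(k) for k in ADMIN_PERMISSIONS if k != "idpAdmin")


def call_api(method: str, base_url: str, path: str, api_key: str,
             payload: Optional[Dict[str, Any]] = None,
             opener: Optional[Callable] = None) -> Dict[str, Any]:
    """Send one JSON request authenticated with the apikey header.

    'opener' defaults to urllib.request.urlopen; pass a stand-in to run
    offline. Keep TLS verification on: never swap in an unverified context."""
    body = json.dumps(payload).encode("utf-8") if payload is not None else None
    req = urllib.request.Request(base_url.rstrip("/") + path, data=body, method=method)
    req.add_header("apikey", api_key)
    req.add_header("Accept", "application/json")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    opener = opener or urllib.request.urlopen
    with opener(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def enable_idp_admin(base_url: str, api_key: str, username: str, email: str,
                     idp_id: str = "local",
                     opener: Optional[Callable] = None) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Step 2 (POST /v3/users) then step 3 (PUT /v3/users/{userId}/idps/{idpId})."""
    created = call_api("POST", base_url, "/v3/users", api_key,
                       build_idp_admin_user(username, email), opener)
    # Fail closed if the server echoes back more privilege than we asked for.
    if not is_least_privilege_idp_admin(created):
        raise RuntimeError("unexpected permissions on created user: %r"
                           % created.get("permissions"))
    # Assumed binding body; the page does not show the PUT schema.
    binding = call_api("PUT", base_url, f"/v3/users/{username}/idps/{idp_id}",
                       api_key, {"id": username}, opener)
    return created, binding


def _echo_opener(req: urllib.request.Request, timeout: Optional[int] = None) -> io.BytesIO:
    """Constructed offline stand-in for urlopen: returns the request body as the response."""
    return io.BytesIO(req.data or b"{}")


if __name__ == "__main__":
    # Offline demonstration; replace _echo_opener with None to hit a real instance.
    user, idp = enable_idp_admin("https://api.mas.example.com", "REPLACE_ME",
                                 "test122", "test122@ibm.com", opener=_echo_opener)
    print(json.dumps(user["permissions"]), json.dumps(idp))
```

    To run it against an instance, pass your real base URL and API key and omit the opener argument; the script then uses urllib with normal certificate verification. Treat the API key used here as a system-level credential: it can create users, so store it outside the script and revoke it after the one-off setup.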

Results

After you enable the access permissions, the user can configure LDAP and SAML authentication, SMTP, and user registry synchronization. The user also has the permissions to customize the user interface and manage certificates, but not to deploy or activate applications or to configure database connections.