Federated authentication

Federated authentication allows an organization's identity provider to handle all of the users leveraging IBM web applications and cloud services. As a result, an organization can use their own login page and security controls to secure access to IBM Cloud Apps or IBM Services.

In addition to the supported login by using IBMid single sign-on feature, we’ve also enabled you to be able to sign up for IBM® Sterling Order Management using the same credentials that you already use for your company’s login. This makes it easier for you to remember just one ID and password when going out to IBM Sterling Order Management. When using an email address or user ID from a federated domain, you are redirected back to your company for authentication.
Important: When you are using federated authentication, IBMid is not required. All the user accounts are managed and authenticated by the organization's identity provider. You can use your corporate login ID to log in to IBM Sterling Order Management.

IBM leverages the Security Assertion Markup Language 2.0 (SAML 2.0) for this capability. SAML 2.0 is a standard version for exchanging authentication data between security domains. It is an XML-based protocol that uses a security token containing assertions to pass information between the organization's "Identity Provider," and the IBM Rely Party (RP), otherwise known as the Service Provider.

Security Assertion Markup Language (SAML) 2.0 and IBMid are used to implement federated authentication. A user logs in to IBM Sterling Order Management through the IBMid sign in page and authenticates through your organization's SAML identity provider. Configuring IBMid to use federated authentication does not require any changes to IBM Sterling Order Management security.

To enable federated authentication, review the IBMid Enterprise Federation Adoption Guide with your IT organization, and then contact IBM Support.