SSO integration
You can configure LDAP (Lightweight Directory Access Protocol), SAML2 (Security Assertion Markup Language), and OAuth (Open Authorization) for authenticating IBM Process Mining. To learn more about the SSO (single sign-on) integration for IBM Process Mining, see the following topics:
SSO configuration parameters
When OAuth or SAML is enabled, you can configure the following parameters in processmining.conf to control the authentication behavior:
sso.policy.useFormLoginAsLandingPage-
Controls the landing page when OAuth or SAML is enabled.
- Values:
trueorfalse - Default:
true
When set to
true, the landing page is the login page where users can select to log in with SSO or IBM Process Mining credentials.When set to
false, the landing page redirects directly to the SSO provider. To log in with IBM Process Mining credentials in this case, you must manually type the URLhttps://<pm_instance>/signinin the browser. - Values:
sso.usersEnabledLoginWithCredentials-
Specifies which users can log in with IBM Process Mining credentials when OAuth or SAML is enabled.
- Values: An array of usernames, for example
["maintenance.admin"] - Default: Empty array
[]
Only users enumerated in this field can log in with IBM Process Mining credentials. If the array is empty, no users can log in with IBM Process Mining credentials.
- Values: An array of usernames, for example
processmining.conf file,
make sure that you do it correctly. For more information, see Configuration file editing
guidelines.