SSO integration

You can configure LDAP (Lightweight Directory Access Protocol), SAML2 (Security Assertion Markup Language), and OAuth (Open Authorization) for authenticating IBM Process Mining. To learn more about the SSO (single sign-on) integration for IBM Process Mining, see the following topics:

SSO configuration parameters

When OAuth or SAML is enabled, you can configure the following parameters in processmining.conf to control the authentication behavior:

sso.policy.useFormLoginAsLandingPage

Controls the landing page when OAuth or SAML is enabled.

  • Values: true or false
  • Default: true

When set to true, the landing page is the login page where users can select to log in with SSO or IBM Process Mining credentials.

When set to false, the landing page redirects directly to the SSO provider. To log in with IBM Process Mining credentials in this case, you must manually type the URL https://<pm_instance>/signin in the browser.

sso.usersEnabledLoginWithCredentials

Specifies which users can log in with IBM Process Mining credentials when OAuth or SAML is enabled.

  • Values: An array of usernames, for example ["maintenance.admin"]
  • Default: Empty array []

Only users enumerated in this field can log in with IBM Process Mining credentials. If the array is empty, no users can log in with IBM Process Mining credentials.

Warning: When you introduce changes to the processmining.conf file, make sure that you do it correctly. For more information, see Configuration file editing guidelines.