Configuring a SAML Single Sign-on services in MaaS360

IBM® MaaS360® uses IBM Security Verify to provide SAML-based authentication for users. The SAML configuration enables administrators who are logging in to multiple services to login once and not worry about entering a password multiple times.

1. In the IBM MaaS360 Portal, go to Setup > Settings > Administrator Settings > Advanced. Go to Login Settings and select Configure Federated Single Sign-On.
2. Select Use SAML for Single Sign-On.
3. On the Configure SAML SSO configuration page, enter the IBM ID to create a IBM Verify Tenant. If you do not have an IBM ID, you must create one using this link: Sign up for an IBM ID.
4. After you enter the IBM ID and select Next, the IBM Verify tenant is created which serves as the Service Provider for your MaaS360 tenant.
5. On the Identity details page,
   • If your user directory is IBM Verify, then select the IBM Verify is the source of User Directory checkbox.
   • If your user directory is not IBM Verify, then follow the steps.
     1. Enter the Identity Provider Name. The Identity provider name is displayed in the IBM Verify authentication reports.
     2. In the Identity Provider Metadata tab, browse and select the Federation Metadata XML that is downloaded from Identity Provider. The supported file type is .XML.
     3. Make a note of the Assertion Costumer Service URL, and Entity ID to configure the Identity provider and then test authentication.
6. The Custom Login URL is what the administrators use to login to the IBM MaaS360 Portal after the SAML integration is completed.
7. Click Submit.