Federated authentication with IBMid

Federated authentication allows an organization's identity provider to authenticate all of its users who access IBM web applications and cloud services. As a result, an organization can use its own login page and security controls to secure access to IBM Cloud Apps or IBM Services.

In addition to logging in through the IBMid single sign-on feature, you can sign up for Sterling Order Management System with the same credentials that you already use for your company's login. You then need to remember only one ID and password when you access Sterling Order Management System. When you use an email address or user ID from a federated domain, you are redirected back to your company for authentication.
Important: When you are using federated authentication, IBMid is not required. All the user accounts are managed and authenticated by the organization's identity provider. You can use your corporate login ID to log in to Sterling Order Management System.

IBM uses the Security Assertion Markup Language 2.0 (SAML 2.0) for this capability. SAML 2.0 is a standard for exchanging authentication data between security domains. It is an XML-based protocol that uses a security token containing assertions to pass information between the organization's Identity Provider and the IBM Relying Party (RP), otherwise known as the Service Provider.

Security Assertion Markup Language (SAML) 2.0 and IBMid are used to implement federated authentication. A user logs in to Sterling Order Management System through the IBMid sign in page and authenticates through your organization's SAML identity provider. Configuring IBMid to use federated authentication does not require any changes to Sterling Order Management System security.

To enable federated authentication, review the IBMid Enterprise Federation Adoption Guide with your IT organization, and then contact IBM Support.

Login flow after an IBMid is linked to a Sterling Order Management System user

  1. User accesses the Sterling Order Management System application home page.
  2. User is redirected to the login page.
  3. User enters the IBMid login credentials.
  4. If the login is successful, the user is logged in to the Sterling Order Management System application as the mapped OMS user ID.
    Important: If the user uses an IBMid that is not linked to any OMS user, the system displays the Sterling Order Management System application login screen. The user must then enter OMS user credentials to log in to the Sterling Order Management System application. On any subsequent login, the user is automatically logged in to the application's home page.

The following image shows the login flow when an IBMid is linked to a Sterling Order Management System user:

Figure 1. Login flow when an IBMid is linked to a Sterling Order Management System user