IBMid portals - OAN submission details

Submission contacts:


Cyro Jun Takeda - cyrot@br.ibm.com
IBMid Enterprise Federation Onboarding Coordinator

HenkJan de Vries - support@realconnections.nl
Cloud specialist - Okta implementation engineer

 

Introduction

IBMid has added support for IBM customers and partners to incorporate IBMid authentication to their organizations identity provider.  This allows the organizations identity provider to handle all the users leveraging IBM web applications and cloud services.  As a result, Company X can use their own login page and security controls to secure  access to IBM Cloud Apps or IBM Services.  

The IBMid itself is just the recognition of the identity within a users tenant.

To have the best experience, user should be able to choose the IBM portals which allows authentication with IBMid.

When the connection is established, users are able to JIT into IBMid with the domain email whenever they are not known within the IBMid environment.

 

Setup

To setup the SAML connection the following steps need to be followed:

  1. Contact IBM federation and submit the following:
    1.  the domain to federate
    2. te users to federate
    3. Okta app metadata xml file
  2. In okta create SAML app
  3. Single sign on url: 
    1. https://prepiam.toronto.ca.ibm.com/idaas/mtfim/sps/idaas/saml20 (pre-production)
    2. https://idaas.iam.ibm.com/idaas/mtfim/sps/idaas/saml20/login (production)
  4. Audience URI:
    1. https://idaas.iam.ibm.com/idaas/mtfim/sps/idaas/saml20
  5. name ID format: emailAddress
  6. Application username: Email
  7. Additional attribute statements:
    1. CountryCode - standard 2 character conversion
    2. firstName - user.firstName
    3. lastName - user.lastName
    4. emailAddress - user.email

 

App setup in the OAN

When a user would be able to add the app, they should follow these step.

  • Choose country (convert to 2character countrycode)
  • give domain to federate
  • choose for preproduction or production
  • Choice of IBM application which should be published on the dashboard

After this a metadata file should be ready for publication, which can be sent in for federation purposes.

After recognition by IBM, the portal should be ready for deployment within Okta.

 

List of portals

All the following apps should be available to (un)tick when deploying the IBMid portals

IBM Watson Workspace - https://workspace.ibm.com   (logo)

FixCentral - https://www.ibm.com/support/fixcentral/

Developersworks - https://www.ibm.com/developerworks/  (logo)

Bluemix Infrastructure - https://control.softlayer.com/?isIBMidLogin=1

IBM Support - https://www.ibm.com/support  (logo)

Passport Advantage Online - https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller

Marktplace IBM Cloud - https://marketplace.ibmcloud.com/home

BlueMix - https://console.ng.bluemix.net/  (logo)

Watson Analytics - https://watson.analytics.ibmcloud.com/  (logo)

 

Links

IBM SAML data

IBMid Registration helpdesk

 

App logo

 **request OAN app logo from IBM for submission**

 

portal logo's

 **request all app logos from IBM for submission**