Skip to Main Content
IBM Sustainability Software - Ideas Portal


This portal is to open public enhancement requests against the products and services belonging to IBM Sustainability Software. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Functionality already exists
Created by Guest
Created on Aug 7, 2023

MAS Single Sign-On (SSO) – LDAP sync users to have SAML Authentication type

There is a limitation to use LDAP users sync and then use SSO for authentication of synced users.

Scenario: We want to sync users through LDAP and then use SSO (SAML Authentication) for login, so in this case we expect to have some system configuration, so that LDAP synced users have authentication type set as “SAML” and password “Managed by SAML”. Without this configuration, we won’t be able to leverage the SSO functionality.

Users synced through LDAP has authentication type as “LDAP” and password “Managed by LDAP”:

Problem – These users won’t be able to use Single Sign-On (SSO).

Users created manually in MAS, and set the authentication type and password managed by “SAML”:

These users are able to use SSO, but problem is we created the account manually. But, expectation is to sync users from Active Directory.

Idea priority Urgent
Needed By Yesterday (Let's go already!)
  • Admin
    Andrew Foster
    Reply
    |
    Aug 9, 2023

    Hi,

    Thank you for raising your Idea.

    I think what you are asking for is already possible in MAS today. LDAP users can be set to use LDAP, SAML or local authentication in the user registry sync screen.

    There are some limitations:

    Your LDAP user id must match with your SAML ID

    This is a global setting for all synchronized users.


    I hope this information is useful.

    1 reply