Before you enable SAML:
The IBMid OAN application is pre-configured to pass the following SAML attributes: country, lastName, firstName, emailAddress as part of the SAML response.
Make sure that the country code field is populated in the user profile in standard two character conversion.
The Okta/IBMid SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Contact the IBM Support team and request that they enable SAML 2.0 for your account.
Include the following data with your request:
Environment: Either Production Current, Pre-Production, Production New or Pre Production New.
Domain or user list to be federated.
Choice of IBM applications to be published on the dashboard.
IDP Metadata URL: Copy and paste the following into this field.
Sign into the Okta Admin dashboard to generate this value.IDP Trigger URL: Copy and paste the following into this field.
Sign into the Okta Admin Dashboard to generate this variable.
In Okta, select the Sign On tab for the IBMid app, then click Edit.
Enter the following in the Default Relay State field:
For Production Current and Production New environments: https://myibm.ibm.com/dashboard/
For Pre Production and Pre Production Newenvironments: https://wwwpoc.ibm.com/myibm/dashboard/
Click Save
The IBM Support team will process your request. After receiving a confirmation email, you can start assigning people to the application.
Make sure that you choose correct value in the Environment dropdown under the General tab in Okta. Choosing the wrong value will prevent you from authenticating via SAML to IBMid.
The following SAML attributes are supported:
| Name | Value |
|---|---|
| country | user.countryCode |
| lastName | ${user.lastName} |
| firstName | ${user.firstName} |
| emailAddress | ${user.email} |
Open the following URL:
For Production Current and Production environments: https://myibm.ibm.com/dashboard/
For Pre Production and Pre Production New environments: https://wwwpoc.ibm.com/myibm/dashboard/
Enter your email address, then click Continue:
