|
Federate Security
|
|
|
|
IBMid manages the authentication of a user for all IBMid enabled applications and comes in two forms.
1, IBM managed – a global directory of user ids and passwords managed by IBM. For more information see: Create an IBMid
2, Enterprise federation – where the authentication of the user is managed by a third party idProvider. Examples of third party idProviders are AzureAD, PingFederate, OKTA, ADFS etc.
If you do not require federation then you do not need to do anything as IBM managed is the default. You may also find that your organisation is already federated.
Enterprise federation provides a Single Sign On (SSO) experience when using other applications configured with the same idProvider. The process and documentation can be found at IBMid Enterprise Federation.
To enable IBMid Enterprise federation a support ticket is raised against the “IBMid Enterprise Federation” product (My Support).
Note: If this is not listed in the product dropdown start typing “IBMid” and you will see it listed.
IBMid Enterprise federation is not application specific and is a Company to Company federation based on email domain i.e. @ibm.com.
Company wide means that all users of IBMid enabled services (including the IBM support site) are federated.
If a person leaves and are removed from your companies idProvider, they cannot access any application using IBMid.
Authorisation (access to an application and its security features i.e. access to Planning Analytics as a modeler) is controlled by the application so there is no concern that other people in your organization will be able to access Planning Analytics unless they are invited as a user.
You can continue to work in Planning Analytics while federation is being configured using an IBM managed id. E.g. a user can register with IBMid and start developing the planning application before federation is in place. Federation is transparent to Planning Analytics and the existing IBM managed users are simply migrated to federated users once federation is complete.
START NOW - IBMid federation takes a minimum of 35 days (longer if your company's internal diligence or resource availability holds back the process). Start as soon as possible by raising the support ticket asking for federation to be enabled.
For a list of common errors you may encounter during federation see: IBMid common errors