Blueworks Live

Hello Simon!

I have asked a few people to help out with this answer and hopefully I hear back from them soon with an answer/guidance for you. In the meantime, I have found this configuration guide that might be helpful and hopefully help you answer the question. I have attached the link here. 

let me know if this helps you at all - I will try and get back to you with an answer soon!

Best, 

Gabriel 

------------------------------
Gabriel Marte Blanco

Original Message:
Sent: Tue July 05, 2022 03:28 PM
From: Simon Lant
Subject: JIT Provisioning

Hi Simon!

To activate JIT provisioning for Blueworks Live you need to first ensure your account is enabled for SSO. Blueworks Live uses IBMid for SSO federation, here is a quick video on the process: https://www.youtube.com/watch?v=c9tfADu-750

Once you work with our IBMid team to setup your account for federation, the JIT feature can then be enabled.

IBMid is the central authentication system at IBM that manages federation into Blueworks Live and many other IBM applications (such as support portal, community forums, etc).

Here is how JIT works:  If a user with a valid email in the realm try to log into your BWL account it automatically creates an IBMid for that user and also assigns a viewer license. 

There are two levels of JIT - one for IBMid  and the second for Blueworks Live.

1) When a new user tries to log into Blueworks (or any IBM system) for the first time, the JIT for IBMid is triggered and the user is given an IBMid on demand. This is done through your federation setup which passes the user's first name, last name, email and country attributes upon login attempt.

2) Once the IBMid is created then IBMid routes the user to their desired application. In this case, the user is trying to access Blueworks Live. This is where the second level of JIT comes into play:

a) If your account's BWL JIT flag is enabled - then the user is given a viewer license on demand and they can access the published processes

b) If your account's  BWL JIT flag is disabled - then the user gets an error that they do not have permission to access the account. This is the default setup, Blueworks Live is by invitation only - so unless an admin or user has invited a colleague, new users won't be able to login.

If you have any additional questions or need help please go ahead and open a support case with our team via our support portal https://www.ibm.com/mysupport/s/?language=en_US and we can guide you through the process.

Thanks very much and have a wonderful day!

Hi Simon!

To activate JIT provisioning for Blueworks Live you need to first ensure your account is enabled for SSO. Blueworks Live uses IBMid for SSO federation, here is a quick video on the process: https://www.youtube.com/watch?v=c9tfADu-750

Once you work with our IBMid team to setup your account for federation, the JIT feature can then be enabled.

IBMid is the central authentication system at IBM that manages federation into Blueworks Live and many other IBM applications (such as support portal, community forums, etc).

Here is how JIT works:  If a user with a valid email in the realm try to log into your BWL account it automatically creates an IBMid for that user and also assigns a viewer license. 

There are two levels of JIT - one for IBMid  and the second for Blueworks Live.

1) When a new user tries to log into Blueworks (or any IBM system) for the first time, the JIT for IBMid is triggered and the user is given an IBMid on demand. This is done through your federation setup which passes the user's first name, last name, email and country attributes upon login attempt.

2) Once the IBMid is created then IBMid routes the user to their desired application. In this case, the user is trying to access Blueworks Live. This is where the second level of JIT comes into play:

a) If your account's BWL JIT flag is enabled - then the user is given a viewer license on demand and they can access the published processes

b) If your account's  BWL JIT flag is disabled - then the user gets an error that they do not have permission to access the account. This is the default setup, Blueworks Live is by invitation only - so unless an admin or user has invited a colleague, new users won't be able to login.

If you have any additional questions or need help please go ahead and open a support case with our team via our support portal https://www.ibm.com/mysupport/s/?language=en_US and we can guide you through the process.

Thanks very much and have a wonderful day!

Hi Simon!

To activate JIT provisioning for Blueworks Live you need to first ensure your account is enabled for SSO. Blueworks Live uses IBMid for SSO federation, here is a quick video on the process: https://www.youtube.com/watch?v=c9tfADu-750

Once you work with our IBMid team to setup your account for federation, the JIT feature can then be enabled.

IBMid is the central authentication system at IBM that manages federation into Blueworks Live and many other IBM applications (such as support portal, community forums, etc).

Here is how JIT works:  If a user with a valid email in the realm try to log into your BWL account it automatically creates an IBMid for that user and also assigns a viewer license. 

There are two levels of JIT - one for IBMid  and the second for Blueworks Live.

1) When a new user tries to log into Blueworks (or any IBM system) for the first time, the JIT for IBMid is triggered and the user is given an IBMid on demand. This is done through your federation setup which passes the user's first name, last name, email and country attributes upon login attempt.

2) Once the IBMid is created then IBMid routes the user to their desired application. In this case, the user is trying to access Blueworks Live. This is where the second level of JIT comes into play:

a) If your account's BWL JIT flag is enabled - then the user is given a viewer license on demand and they can access the published processes

b) If your account's  BWL JIT flag is disabled - then the user gets an error that they do not have permission to access the account. This is the default setup, Blueworks Live is by invitation only - so unless an admin or user has invited a colleague, new users won't be able to login.

If you have any additional questions or need help please go ahead and open a support case with our team via our support portal https://www.ibm.com/mysupport/s/?language=en_US and we can guide you through the process.

Thanks very much and have a wonderful day!