Skip to Main Content
IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Status Not under consideration
Created by Guest
Created on Dec 6, 2021

LDAP with SSO combining multiple ID field types #cpfieldcsm #cpfield

Bank of America uses LDAP with SSO. They were trying to use user search field as mail, but could not. The support case tech SME responded:


Anytime an ID is used, you can not combine multiple ids as it will not serve the purpose.

By default it uses only one type of id, For example, cn, uid, or sAMAccountName.


Manoj further explained it this way:

If we use “user search field” as mail (current scenario), we can login with our email IDs using LDAP with SSO auth. But we can’t login with service IDs (non-email Ids).

And, if we use “user search field” as sAMAccountName, We can’t login with our email IDs with LDAP/SSO auth. But we can login with service Ids. Service Ids don’t have email ID associated with it.

The Aha!idea was created so we can login with emails IDs (with SSO) and service Ids both irrespective of “user search field” as mail or sAMAccountName.


The bank would like to pursue having this capability enabled.

See case for details:
https://www.ibm.com/mysupport/s/case/5003p00002b74IrAAI/cpd-login-doesnt-work-with-service-id-when-sso-enabled-impacting-applications?language=en_US

Needed By Quarter
  • Guest
    Reply
    |
    Mar 10, 2022

    Yalon, this is what Manoj Jain (BofA) sent me today to explain it further:

    If we use “user search field” as mail (current scenario), we can login with our email IDs using LDAP with SSO auth. But we can’t login with service IDs (non-email Ids).

    And, if we use “user search field” as sAMAccountName, we can’t login with our email IDs with LDAP/SSO auth. But we can login with service Ids. Service Ids don’t have email ID associated with it.

    The Aha! Idea was created so we can login with emails IDs (with SSO) and service Ids both irrespective of “user search field” as mail or sAMAccountName.


  • Guest
    Reply
    |
    Jan 13, 2022

    BofA engineer Manoj Jain responds to the two questions:

    1. Do you want users to be able to log in with an email and a username, or just email?

    Email id for users to be able to login with SSO.

    And a username too, so we can login with the service ID account (as service ID account doesn’t have email ID associated with it).

    2. Can you give more details?
    CPD 4.0.2 is SSO enabled and in LDAP configuration we are using "user search field" as mail. And in this case, we are not able to login to CPD with service ID when sso enabled.

    Also "user search field" , we tried both- mail or sAMAccountName

    With mail, we are not able to login with service ID as it gets authenticated with email addresses and our service ids are not associated with email address.

    When we tried sAMAccountName, service ids are getting logged in but non-service IDs (employee IDs) are not getting authenticated as non-services IDs are using email address as username.


  • Guest
    Reply
    |
    Jan 11, 2022

    From customer/Burt:

    Yes, it should be both.
    Email id for users to be able to login with sso. And a username too, so we can login with the service ID account (as service ID account doesn't have email ID associated with it).

  • Guest
    Reply
    |
    Jan 7, 2022

    Hi Burt,

    Do you want users to be able to log in with an email and a username, or just email? Can you give me more details?