IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Add a new idea Subscribe
Status Future consideration
Workspace watsonx.ai
Created by Guest
Created on Sep 12, 2024

RELATED IDEAS

watsonx.ai SaaS projects should support Trusted Profiles from cloud IAM for access

Currently, there are a few issues with watsonx.ai access management and pairing with cloud IAM. We have at least 1 bug open with IBM Cloud on this. However, it seems that Trusted Profiles aren't supported at all within watsonx.ai SaaS. Consider a identity provider integration for authorization where cloud IAM is integrated via Trusted Profiles to have users use their federated ID to access IBM Cloud accounts, instead of a direct user identity within IBM Cloud. This provides for a better experience around authorization groups that may be hosted on the identity provider (for example, within IBM we have BlueGroups that can automatically authorize a user to a particular account based on their group membership). This works for access group attachment as well, so a user can choose a Trusted Profile attached to their authorization group, automatically be put into the correct access groups, and have the correct authorization to cloud services without customized user identity sync to IBM Cloud.

 

watsonx.ai (the dataplatform.cloud.ibm.com services) do not respect federated ID attachment or Trusted Profiles however. We've tested this with a few users, where we have not added a user IAM object but rather asked that they use a Trusted Profile for access. They can automatically get all the access needed to cloud services on cloud.ibm.com, but once they attempt accessing a watsonx.ai project (with the correct configuration for access group attachment that they have), they receive a 403 error.

 

Supporting Trusted Profiles within access group attachment to watsonx.ai projects would greatly simplify the custom automation we need to create to sync user identities over from enterprise authorization groups. Additionally, it seems this is the preferred authn / authz method that IBM Cloud is having clients use, so the dataplatform services should probably support them. It's possible this is supported and we have something misconfigured, but we've double checked with other internal teams with the same requirements to validate that it doesn't seem like this has support today.

Needed By Month
  • Guest
    Reply
    |     Oct 1, 2024

    What is "correct configuration for access group attachment that they have"?

  • Guest
    Reply
    |     Sep 24, 2024

    Updates to this IDEA:

    * The scope of this is currently limited to watsonx.ai SaaS (generally I think of this as the bundled Watson Studio / Watson Machine Learning / COS integration and services that come with that). Services like DataStage / Watson Query / IBM Knowledge Catalog are not in scope.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.