IBM Support

Creating users in Sterling OMS while implementing SSO

Question & Answer


Question

When implementing the SSO in Sterling OMS, should the users be explicitly created in Sterling OMS or should it be enough if the users are created at the identity provider side?

Answer

When SSO is implemented in Sterling OMS, only authentication happens at the identity provider. Authorization still happens inside Sterling OMS, where the roles and permissions are maintained. Hence, in addition to having credentials at the identity provider, the users have to be created explicitly in Sterling OMS as well. Roles and groups can be assigned to users only inside Sterling OMS.

You can use either the application manager or the appropriate APIs to create and manage users in Sterling OMS.
The user ID present at the identity provider should have a unique mapping with the user ID present in Sterling OMS. A single user present at the identity provider cannot be mapped to multiple users in Sterling OMS, and vice versa. The mapping is based on the value in the YFS_USER.OIDCSECONDARYID column. This is usually the SSO email ID that the user uses to log in with the identity provider.

Note that you have to pass the Email ID in the Contact Address when the user is created. Only then is the YFS_USER.OIDCSECONDARYID column populated. If the user already exists and you try to update the Email ID, the column is not populated. Hence, you have to remove the user from Sterling OMS and re-create the same user (with the same permissions) with the Email ID in the Contact Address.
[Figure: Adding Email ID in Contact Address]
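The mapping rules above can be checked before SSO is switched on. The following is an added example, not IBM code: it audits a CSV export of YFS_USER against the identity provider's list of SSO email IDs. The `LOGINID` export header, the sample data, the function name and the exact-string comparison of email IDs are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: export of YFS_USER. The LOGINID header is an assumption;
# OIDCSECONDARYID is the mapping column named in this document.
OMS_EXPORT = """LOGINID,OIDCSECONDARYID
alice,alice@example.com
bob,
carol,carol@example.com
carol_admin,carol@example.com
"""

# Constructed sample: SSO email IDs known to the identity provider.
IDP_EMAILS = ["alice@example.com", "bob@example.com",
              "carol@example.com", "dave@example.com"]


def audit_sso_mapping(oms_csv, idp_emails):
    """Return mapping problems between IdP identities and OMS users."""
    by_email = defaultdict(list)
    unmapped = []
    for row in csv.DictReader(io.StringIO(oms_csv)):
        login = row["LOGINID"].strip()
        email = (row["OIDCSECONDARYID"] or "").strip()
        if email:
            by_email[email].append(login)
        else:
            # Empty column: the user was created without an Email ID in the
            # Contact Address and has to be removed and re-created.
            unmapped.append(login)
    idp = {e.strip() for e in idp_emails}
    mapped = set(by_email)  # assumption: email IDs are compared as exact strings
    return {
        # OMS users that no SSO identity can map to.
        "unmapped_oms_users": sorted(unmapped),
        # One IdP identity mapped to several OMS users (breaks uniqueness).
        "shared_mapping": {e: sorted(u) for e, u in by_email.items() if len(u) > 1},
        # Authenticates at the IdP but has no OMS user to authorize.
        "idp_only": sorted(idp - mapped),
        # OMS mapping value with no matching IdP identity.
        "oms_only": sorted(mapped - idp),
    }


if __name__ == "__main__":
    for finding, value in audit_sso_mapping(OMS_EXPORT, IDP_EMAILS).items():
        print(f"{finding}: {value}")
```

In the sample, `bob` exists on both sides but still appears under `idp_only` because his user was created without the Email ID, which is the case this document's re-creation step addresses.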


Document Information

Modified date:
15 February 2024

UID

ibm17116378