Release Notes
Abstract
In addition to the existing user authentication types (local, corporate AD), MaaS360 extends support for corporate SAML user authentication during device enrollment for shared device sign-in. Administrator can use the Change Authentication Type option in the User Summary page to choose the authentication type applicable for a user account. Based on user authentication type, the user is seamlessly signed in to the device. The user sign-in experience is unified across different authentication type. To experience unified-sign in, contact IBM MaaS360 customer support team to enable this feature for the customer account.
Content
During sign-in, the UI screens that users sees on the device during authentication are dependent upon the type of authentication mode that is chosen in the Change Authentication Type workflow. For corporate SAML Auth mode, on launching the user authentication link on the device, user is seamlessly authenticated based on SSO for SAML. Similarly, for a local or corporate AD user authentication type, the UI screen prompts users to key in local username and password to authenticate and complete user sign-in.
Note: With corporate SAML support, you can use this option to sort user accounts with this authentication type from the portal User Directory. You can also bulk upload users with SAML Auth type by using the Bulk Import Users option in the User Directory and in the bulk upload file, specify the auth type column value as SAML.
The unified sign-in is a seamless sign-in experience that users encounter during the iOS and Android shared device sign-in. The Unified Sign-in is a web view experience of single sign-on (SSO) authentication where the portal URL authentication link opens in the browser within the app itself on the user device. On launching this link, the user is authenticated based on SSO for a SAML-based authentication mode. For corporate Active Directory (AD), or local user credentials, the unified sign-in experience is achieved by prompting the user to key in password for authentication.
Note: If the EULA Usage policy is enabled, then users see the EULA usage policy on the device for acceptance and then the sign-in completes. For more information about EULA Usage policy, see EULA self-serviceability.
To experience unified sign-in, contact IBM MaaS360 customer support team to enable this feature for the customer account. On enabling this feature, go to MaaS360 portal >User Summary > More > Change Authentication Type. In this option, you can change the user authentication type as needed such as local, corporate AD, or corporate SAML.
Note: You can sort users based on Authentication Type in the User Directory page. Administrator can edit an existing user authentication type for a user account anytime from the User Summary page. During Bulk Import Users as well, Administrator can assign the authentication type to users.
Based on the user authentication type, users experience the unified sign-in on the device as follows.
Unified sign-in for SAML based user authentication type UI screens on user device
Unified sign-in for local/corporate AD based user authentication type UI screens on user device
Note: Error Handling during user authentication during sign-in on device
- If user enters incorrect username, password, or domain, the authentication fails. User is requested to try again and enter valid credentials to complete the sign-in.
- In case the user account does not exist in the MaaS360 User Directory, contact IBM MaaS360 customer support team for further assistance.
Was this topic helpful?
Document Information
Modified date:
08 June 2020
UID
ibm16220932