IBM WFSS Ideas Portal



Our team welcomes any feedback and suggestions you have for improving our offerings. This forum allows us to connect your product improvement ideas with IBM product and engineering teams.


For product documentation, see Knowledge Center.
Create and View Support Cases and Use the Discussion Forum here


Reminder: This is not the place to submit defects or support needs, please use normal support channel for these cases


The shorter URL for this site is:

IBMers, please visit the WFSS Internal Ideas portal

Single Sign On improvement: mutli attributes logic

In current configuration, SSO works on 1 attribute from Payee table.

For example NAMEID=EMAILADRESS for login purposes.

For logging in manually that works fine, but for SSO it is to limited.
As a company, we have a autorisation platform where SSO is currently enabled for ICM based on NAMEID=MAILADRESS.
In order to have more flexibility and enable more of our internal stakeholders and Business Partners to use ICM, it would be a good investment (my opinion of course) to make SSO more flexible.


Example: we have a user of a business partner. He is in payee table and he is able to login manually.

We do not want to have SSO for him at the moment, since he can easily alter his emailadress and login through SSO as a different partner. Big security risk there of course.

In ICM Payee table we have a column where we link the User to a Partner ID.

From the SSO application we are able to sent not just the emailadress, but also the Partner ID (which they can't change).

For that to work with ICM, the configuration of SSO should be changed to 2 attributes instead of 1. In this case, NameID = mailadress and Partner ID = Partner ID.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 20 2019
  • Need More Information
  • Attach files
  • Admin
    Paul Peters commented
    24 Jun 16:49

    Please comment and vote on this IDEA for feedback and support.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    04 Jul 17:52

    Hi Paul,


    The status shows "need more information", but I am not aware on which part there is information missing.

    Please help me help you ;)