Merative Ideas Portal


Status Future consideration
Created by Garry Heap
Created on Nov 30, 2022

Check USERS.AccountEnabled as part of Identity Only Authentication

If IdentityOnly authentication is configured for SSO (https://www.ibm.com/docs/en/spm/8.0.2?topic=authentication-identity-only) then the only check that is made by OOTB code is if the username exists.

This leaves a security gap if a user moves job or has access revoked, in that they can still access SPM if the SSO IdP side (e.g. ADFS) is not done correctly.

Customer Name Scottish Government
Market Segment WH Government
Type of Request Idea
Market Opportunity

security

Usage frequency + #/type of users impacted

accounts are disabled multiple times per week as users leave

CURAM:Workarounds + Proposed Solution

Workaround is to set the user ROLENAME to 'EMPTYROLE', which is a custom role that contains no SIDs.

Better would be to have the Identity Only code also check account enabled status.

  • CLAIRE MCGAFFEY
    Jan 18, 2023

    Hi Garry,

    We have reviewed your enhancement suggestion. Based on the information provided, our understanding of your request is as follows:

    • You are requesting an enhancement to how Identity Only authentication is handled in product to also check whether the user’s account is enabled.

    The theme is aligned with our current strategy for our product, and we have accepted your suggestion as a consideration for a future release.

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    Thank you,

    Sheryl Brenton, SPM Product Management Team

  • CLAIRE MCGAFFEY
    Dec 6, 2022

    Hi Garry,

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    We will review the information you have provided and get back to you within 30 days. If additional details are required to complete our evaluation, we will send you a request for more information.

    Thank you,

    Sheryl Brenton, SPM Product Management Team