IBM Sterling



Status Delivered
Categories APIs & SDKs
Created by Guest
Created on Aug 3, 2018

Allow for generic or service accounts that don't expire passwords for systems making calls

Either allow for generic or service accounts with non-expiring passwords or allow for other authentication means for apps that are making calls. Resetting every x days is intrusive.

What is your industry? Banking
How will this idea be used?

A user could integrate an app like Salesforce that makes REST API calls to PEM and issue a service account that doesn't have an expiring password, so they don't need to reset/change it quarterly.

A user could integrate an app like Salesforce that supports token-based auth or key-based auth and use that rather than a password.

  • Guest
    Jul 8, 2020

    PEM calling PEM APIs can now use the internally-generated token authentication, and this is working.

    An external system calling PEM, as described in the original request, still requires changing the password every 90 days. There is no way to create a service account with a non-expiring password.

    One solution is a randomly generated API key that is only displayed once and functions as a password. Another solution is implementing SSO or LDAP authentication so the internal PEM user database is not used. Both these approaches are used in many large SaaS offerings.

  • Guest
    Feb 22, 2019

    We intend to address this requirement in an upcoming release.

  • Guest
    Feb 22, 2019

    We intend to address this requirement by supporting the use of tokens for the API Configurations. This will allow the primary sponsor administrator to choose to support tokens rather than user name and password. This will remove the need for the primary sponsor administrator to have to update the passwords on the various API Configurations when they update their login password.