By Michelle Kaufman Martin Smolny 2 min read
May 21, 2020

How can users log in to IBM Cloud?

Today, authentication in IBM Cloud only works with an IBMid. If you create an IBM Cloud account, then you either already have an IBMid or you created one to open the account. Also, if you invite users to your IBM Cloud account, accepting the invitation creates an IBMid user (if they aren’t one already).

How does federation work with IBMid in IBM Cloud?

To relieve your enterprise employees from having to create and manage an IBMid user just for logging into IBM Cloud, there is an option available to onboard employees to IBMid. This way, your enterprise employees can log into IBMid with their usual intranet credentials. For more information about setting up enterprise federation with IBMid, check out the federation guide.

This IBMid federation option provides many benefits and is widely used by many of our enterprise customers.  Nevertheless, federation onboarding to IBMid is a manual process between you and the IBMid team. And, there are certain requirements—such as a worldwide unique email address—that can’t be met by all customers.

While the existing solution of IBMid federation is helpful for many and a popular option, IBM Cloud Identity and Access Management (IAM) is now offering another option.

Using an external identity provider to federate users in IBM Cloud

IBM Cloud IAM can now leverage the IBM Cloud App ID service to connect to external identity providers and allow those users to log into an IBM Cloud account. This way, any external identity provider that is supported by App ID can be leveraged. 

Some of the benefits of integrating your App ID instance with IBM Cloud IAM include self-service federation instead of completing a manual onboarding with IBMid and no restrictions on email addresses or usernames like there is with IBMid federation, which requires a worldwide unique email address.

Review the following high-level steps for integrating an external identity provider into your IBM Cloud account:

  1. If you don’t have one already, create an IBM Cloud account. This step does require you to create or use an existing IBMid.
  2. Create an instance of the App ID service from the IBM Cloud Catalog and configure it so it connects correctly to your external identity provider. Remember, any user that can authenticate through your App ID instance can access your IBM Cloud account, so only allow users who you want to be able to access your account.
  3. In the IBM Cloud console, go to Manage > Access (IAM), and then click Identity providers. Here, you can create an IAM Identity provider that points to the App ID instance from Step 2.
  4. Copy the login URL from this page and provide it to your employees when logging into IBM Cloud. If you have an employee portal or website, you can create a link using this login URL so that everybody can easily log into IBM Cloud.

Tip: To further automate the handling of IBM Cloud account users, you can create access groups with dynamic rules. Whenever a user logs in to IBM Cloud, those rules are evaluated and the user is potentially added to an access group that gives access to specific resources in IBM Cloud.

Check out the documentation to learn more about this exciting new feature in IBM Cloud.

Categories

Announcements  |  cyber-security  |  management  |  Security  | 
Michelle Kaufman
Content Lead and Strategist, IBM Cloud Platform
Martin Smolny
IBM Cloud Identity and Access Management

More from Announcements
September 21, 2023

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

August 29, 2023

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

August 18, 2023

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

August 2, 2023

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…