Configuring SAML with SCIM provisioning server
You can configure SAML with SCIM provisioning server to enable single sign-on (SSO) for users to access the applications within the cluster. The users can authenticate with the enterprise credentials to access applications within the cluster without having to create separate accounts for each application.
Configuring SAML with SCIM in your cluster
To configure SAML with SCIM provisioning cluster, complete the following steps:
-
Configure single-sign on (SSO) with the SAML using the your product console or CLI. For more information, see Configuring single sign-on with the SAML using the your product console or Configuring single sign-on with the SAML using the IdP APIs.
Ensure that you select the
SAML with SCIM dependency
configuration option when you configure SSO with the SAML to enable SCIM in your cluster. -
After you configure the cluster with the SSO, complete the SSO configuration of your IM solution provider. You can connect to any compatible SAML identity provider (IdP) with SAML support. The following are the sample IM solution providers for configuring SSO with SAML:
-
Microsoft Active Directory
For more information, see Configure SAML 2.0 provider settings for portals .
-
Keycloak
For more information, see Server Administration Guide .
-
IBM Security Verify
For more information, see IBM Security Verify.
-
Example of SAML with SCIM provisioning server
You need to copy the user repository from the IdP to the foundational services cluster with the inbound internet connection.
After you copy the user repository from the IdP to the foundational services cluster, the QRadar Suite uses SCIM to retrieve the users from the foundational services operator.
You can also configure SAML with SCIM provisioning server for OKTA and Azure active directory integration. For more information, see IBM Cloud Pak SCIM OKTA integration and IBM Cloud Pak SCIM AZURE AD integration.