Before RQA
version 3.1.0, RQA
primary administrators and administrators used Jazz® Authorization Server (JAS) Single
Sign-on (SSO) authentication to log in to the RQA
administrator dashboard. From RQA version 3.1.0 onward, apart from the JAS authentication, other
OIDC providers, such as Liberty, IBM® Security verify can also
be used as an SSO to log in to IBM
RQA
Administrator dashboard.
Procedure
From RQA version 3.1.0 onward, existing users that use
DOORS® Next and use
JAS authentication to log in to the
RQA
administrator dashboard can continue as is. For users that will use
RQA for
DOORS,
the administrator configuration will be done either through JAS or by an IBM Security Verify OIDC
provider.
The administrator needs to complete the following steps to use IBM Security Verify as an OIDC provider for IBM
RQA
customer-managed:
- Open the IBM Security Verify link in the browser to start a free trial.
- Click Try Verify Now.
- Fill up the new account information to create an account, and click Get the
free edition. If you already have an IBM account, click the Log
in link.
After you are successfully logged in, you can set up the IBM Security verify client registration.
- Enter the suitable domain name, for example, ibmrqa in the
Hostname field on the Set up your tenant page, and click
Create Tenant.
A tenant is created for you.
- Click View IBM's Terms and Conditions link to view the terms and
conditions, select I agree to IBM's Terms and Conditions checkbox, and click
Continue.
- Select the role that best aligns you. If you don't want to select the role, click
Other, and Maybe later.
- On the IBM Security Verify dashboard, click the Add application
link.
- On the Applications page, click Add
application.
- In the Select Application Type window, click Custom
Application, and click Add application.
- Enter the following details in the Custom Application page:
- Enter the custom application name in the Custom Application field.
Example: IBM RQA Client.
- Enter the name of your company in the Company name field.
- Click Add owner only if you want to add more IBM Security Verify application owners.
Important: By default, creator
of this application is the application owner and can be assigned as a RQA
primary administrator.
- Click the Sign-on tab, and enter the following details:
- Select Open ID Connect 1.0 from the Sign-on method
field.
- Enter the IBM RQA
administrator dashboard route url in the Application URL field.
- Select Authorization code and Implicit Grant
types.
- Clear the Require proof key for code exchange (PKCE) checkbox.
- Select Do not ask for consent from the User
consent field.
- Enter your
<IBM RQA Admin dashboard route>/auth/sso/
callback URI in the
Redirect URIs field.
- Click the Generate refresh token checkbox.
- Select server from the Signing certificate
list.
- Click Allow all identity sources that are enabled for end users (2
sources) from the Access policies section.
Note: You can also change it to cloud
Identity. To do so, you need to create users by using Users and groups
menu.
- Clear the Restrict custom scopes checkbox, and click
Save.
The Entitlements tab is shown.
- Click Automatic Access to all users and groups that enables IBMId
and cloud directory users to access the RQA
administrator dashboard.
- Click the Sign-on tab to get the Client ID and the Client secret
that is generated.
Important: As shown in the screen capture, The OpenID Connect single sign-on (SSO)
configuration steps are shown in the right side of the page. Copy the OpenID configuration URL from
step 5. You need the URL when you create an IBM
RQA
instance.
What to do next
Create users and add them as
RQA
administrators from the RQA
administrator dashboard.