Configuring an identity agent for authentication

About this task

A social identity provider source can be set up one time, and it is used as a sign-in option for applications only. It cannot be used to sign in to the IBM® Security Verify Admin Console or My Homepage.

Procedure

  1. Select Integrations > Identity agents.
  2. Select Create agent configuration.
  3. Select Authentication as the purpose.
  4. Select Next.
  5. Configure the connection settings.
    1. Provide the following information to define the LDAP connection properties.
      External LDAP host URI
      This attribute is the on-premises LDAP server connection information. For a cluster LDAP fail-over setup, you can add multiple LDAP server URIs by selecting ADD URI.
      Base
      This attribute is the LDAP container search base for users.
      LDAP bind DN
      This attribute is the LDAP server connection user.
      LDAP bind password
      This attribute is the LDAP server connection password.
      LDAP certificate authority certificate
      This optional attribute is the SSL certificate that is used if the on-premises agent requires a TLS connection to the LDAP server.
      View additional settings
      You can define the following settings.
      • Whether LDAP requires TLS.
      • The maximum number of simultaneous LDAP connections for the LDAP server.
      • How long a successful password authentication is cached.
      • How long the connection is maintained.
      • The idle time before the LDAP server closes a connection.
      • The maximum time to process a request.
  6. Click Next.
  7. Provide the user properties.
    Attributes
    This attribute is a list of comma-separated LDAP user attributes that are returned from a successful password verify operation.
    Binary attributes
    This attribute is a list of comma-separated binary LDAP user attributes that are returned from a successful password verify operation.
    Username attribute
    This attribute is the naming attribute, such as user ID, that is used to look up a user for password verification.
    Object class
    This attribute is a list of comma-separated object classes that the LDAP user can have. The object classes are used with the username attribute to look up a user for password verification.
  8. Select Next.
  9. Map the identity provider attributes from the identity provider to the Verify Cloud Directory attributes.
    After you create the identity agent, you can change or update the mappings by using the edit (pencil) icon on the agent's tile.
  10. Select Next.
  11. In Finalize configuration, provide the following information.
    • A unique and recognizable name for the agent
    • A description
    • A display name for the identity provider
    • A realm for the identity provider
  12. Optional: Select View advanced settings to add configuration attributes or to select a certificate for encryption.
  13. Click Save and continue.
  14. In Next steps, do the following steps.
    1. Select View API credentials and use the copy to clipboard icon to copy and store the Client ID and Client secret.
    2. If not already downloaded, download the agent from IBM X-Force App Exchange.
    3. Add your API credentials to the agent configuration.
  15. Click Finish.
    The configuration is added to Identity agents and the identity provider is listed in Authentication > Identity providers.
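
The connection settings and user properties from steps 5 and 7 can be checked before they are typed into the console. The following is an added example, not IBM code: it flags host URIs that would carry the bind password unencrypted, validates the comma-separated attribute lists, and builds a search filter for testing a user lookup. The function names, the sample values, and the assumption that a user needs only one of the listed object classes are hypothetical; the page does not state how the agent combines them.

```python
import re
from urllib.parse import urlsplit

# Attribute / object class name syntax (RFC 4512 descriptor).
NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

def split_names(raw):
    """Split a comma-separated console field and reject malformed names."""
    names = [n.strip() for n in raw.split(",") if n.strip()]
    bad = [n for n in names if not NAME.match(n)]
    if bad:
        raise ValueError("not valid LDAP names: %r" % bad)
    return names

def check_uris(uris, require_tls):
    """Return findings for the 'External LDAP host URI' entries."""
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(uri + ": not an ldap:// or ldaps:// URI")
        elif parts.scheme == "ldap" and not require_tls:
            findings.append(uri + ": bind password would be sent unencrypted")
    return findings

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def lookup_filter(username_attr, object_classes, username):
    """Build a test filter. Assumption: any one listed object class may match."""
    (attr,) = split_names(username_attr)  # exactly one naming attribute
    classes = ["(objectClass=%s)" % c for c in split_names(object_classes)]
    if not classes:
        raise ValueError("at least one object class is required")
    class_part = classes[0] if len(classes) == 1 else "(|%s)" % "".join(classes)
    return "(&%s(%s=%s))" % (class_part, attr, escape_filter_value(username))

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    uris = ["ldaps://ldap1.example.com:636", "ldap://ldap2.example.com:389"]
    for finding in check_uris(uris, require_tls=False):
        print("WARN", finding)
    print(lookup_filter("uid", "inetOrgPerson,person", "jdoe"))
    print(split_names("cn, mail, telephoneNumber"))
```

Running the generated filter against the directory with the intended bind DN and base confirms that the bind account can read the user entry and the listed attributes before the agent depends on it.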