Custom application
To implement single sign-on, you need to provide IBM® Security Verify or another configured identity provider with information about the application. Verify provides a predefined template for each application that it supports. If you can’t find a predefined template for your application, use the Custom Application template instead.
General information
Hover over an application name and select the settings icon. On the General tab, specify the basic information about the custom application. See Setting the basic application details.
Single sign-on configuration
- Select the Sign-on Method and provide the information for this requirement.
Table 1. Sign-on Method

Sign-on Method: Application Bookmark
Description: Select this type to create:
- Any application that doesn’t support SAML but that you still want to display on the user home page for the user to access.
In this scenario, IBM Security Verify starts the application URL without using SAML.
- Any on-premises application that is configured for single sign-on using your on-premises IBM Security Verify Access solution.
In this scenario, if the user is authenticated with IBM Security Verify Access, then the user can access the on-premises application from the same home page.
You need to specify the URL of the web page that is started when a user selects the application from the home page section of IBM Security Verify.

Sign-on Method: SAML 2.0
Description: Select this type to configure SAML sign-on for any application that supports SAML.
See Configuring SAML single sign-on in the identity provider for information about enabling SAML in IBM Security Verify.

Sign-on Method: OpenID Connect 1.0
Description: Select this type to configure OpenID Connect sign-on for any application that supports OpenID Connect.
See Configuring OpenID Connect single sign-on in the custom application for information about enabling OpenID Connect in IBM Security Verify.
- Configure the access policies.
- Choose the identity providers that users can use to sign in to this application. These providers are defined from .
Table 2. Identity providers

Identity providers option: Allow all enterprise identity providers that are enabled for users
Description: Includes the following types of enterprise identity providers that are configured and enabled as a sign-in option for users:
- Cloud Directory
- IBMid
- OnPrem LDAP
- SAML Enterprise
- OIDC enterprise
Note: For more information about this provider, see Identity providers.
It does not include social identity providers.

Identity providers option: Select specific supported Identity provider
Description: Includes Cloud Directory and all the configured identity providers, regardless of whether they are enabled or disabled from .
You can assign a disabled identity provider, but it is not available as a sign-in option until it is enabled.
For more information about SSO enablement, see Single Sign-On Configuration.
- Select the policy that determines how users can access the application.
You can continue to use the default access policy that is assigned, which is Allow access from all devices. Alternatively, you can select from the list of predefined access policies. For more information, see Access policies.
Entitlements
To assign who can access and use the application instance, see Managing application entitlements (by Administrator).
Privacy
The purposes and EULAs are displayed with name, description, tags, attributes that they include, and status.
- Add a purpose or EULA.
  - Select Add purposes.
  - Select the checkbox for the purpose or EULA that you want to add. You can select more than one.
  - Select Add purposes.
- Remove a purpose or EULA.
  - Select Add purposes.
  - Select the checkbox for the purpose or EULA that you want to remove. You can select more than one.
  - Select Remove.