Custom application
To implement single sign-on, you need to provide IBM® Security Verify or another configured identity provider with information about the application. Verify provides a predefined template for each of the applications that it supports. If you can’t find a predefined template for your application, use the Custom Application template instead.
General information
On the General tab, specify the basic information about the custom application. See Setting the basic application details.
Single sign-on configuration
- Select the Sign-on Method and provide the required information.

Table 1. Sign-on Method

Sign-on Method: Application Bookmark
Description: Select this type to create:
  - Any application that doesn’t support SAML but you still want to display the application on the user home page for the user to access.
    In this scenario, IBM Security Verify starts the application URL without using SAML.
  - Any on-premise application that is configured for single sign-on using your on-premises IBM Security Verify Access solution.
    In this scenario, if the user is authenticated with IBM Security Verify Access, then the user can access the on-premises application from the same home page.
  You only need to specify the URL of the web page that is launched when a user clicks the application from the IBM Security Verify home page.

Sign-on Method: SAML 2.0
Description: Select this type to configure SAML sign-on on any application that supports SAML.
  See Configuring SAML single sign-on in the identity provider for information about enabling SAML in IBM Security Verify.

Sign-on Method: OpenID Connect 1.0
Description: Select this type to configure OpenID Connect sign-on for any application that supports OpenID Connect.
  See Configuring single sign-on in the OpenID Connect provider for information about enabling OpenID Connect in IBM Security Verify.

- Configure the access policies.
  - Choose the identity provider sources that users can use to sign in to this application. These sources are defined from

Table 2. Identity sources

Identity sources option: Allow all identity sources that are enabled for end users
Description: Includes the following types of identity sources that are configured and enabled as a sign-in option for end users:
  - Cloud Directory
  - IBMid
  - LDAP Pass-Through
  - SAML Enterprise
  It does not include social identity provider sources.

Identity sources option: Select specific supported identity sources
Description: Includes Cloud Directory and all configured social identity provider sources, regardless of whether they are enabled or disabled from .
  You can assign a disabled identity source, but it will not be available as a sign-in option until it is enabled.

  - Select the policy that determines how users can access the application.
    You can continue to use the default access policy that is assigned, which is Allow access from all devices. Alternatively, you can select from the list of predefined access policies. For more information, see Access policies.
Entitlements
To assign who can access and use the application instance, see Managing application entitlements (by Administrator).
Privacy
The purposes and EULAs are displayed with name, description, tags, attributes that they include, and status.
- Add a purpose or EULA.
  - Click Add purposes.
  - Select the checkbox for the purpose or EULA that you want to add. You can select more than one.
  - Click Add purposes.
- Remove a purpose or EULA.
  - Click Add purposes.
  - Select the checkbox for the purpose or EULA that you want to remove. You can select more than one.
  - Click Remove.