Custom application

To implement single sign-on, you need to provide IBM® Security Verify or another configured identity provider with information about the application. Verify provides a predefined template for each of the application that it supports. If you can’t find a predefined template for your application, use the Custom Application template instead.

The Custom Application template requires almost the same set of information found in a predefined template, except that most of it isn’t automatically populated.

General information

On the General tab, specify the basic information about the custom application. See Setting the basic application details.

Single sign-on configuration

On the Sign-on tab:
  1. Select the Sign-on Method and provide the required information.
    Table 1. Sign-on Method
    Sign-on Method Descriptions
    Application Bookmark
    Select this type to create:
    • Any application that doesn’t support SAML but you still want to display the application on the user home page for the user to access.

      In this scenario, IBM Security Verify starts the application URL without using SAML.

    • Any on-premise application that is configured for single sign-on using your on-premises IBM Security Verify Access solution.

      In this scenario, if the user is authenticated with IBM Security Verify Access, then the user can access the on-premises application from the same home page.

    You only need to specify the URL of the web page that is launched when a user clicks the application from the IBM Security Verify home page.

    SAML 2.0

    Select this type to configure SAML sign-on on any application that supports SAML.

    See Configuring SAML single sign-on in the identity provider for information about enabling SAML in IBM Security Verify.

    OpenID Connect 1.0

    Select this type to configure OpenID Connect sign-on for any application that supports OpenID Connect.

    See Configuring single sign-on in the OpenID Connect provider for information about enabling OpenID Connect in IBM Security Verify.

  2. Configure the access policies.
    1. Choose the identity provider sources that users can use to sign in to this application. These sources are defined from Configuration > Identity sources.
      Table 2. Identity sources
      Identity sources options Descriptions
      Allow all identity sources that are enabled for end users
      Includes the following types of identity sources that are configured and enabled as a sign-in option for end users:
      • Cloud Directory
      • IBMid
      • LDAP Pass-Through
      • SAML Enterprise

      It does not include social identity provider sources.

      Select specific supported identity sources

      Includes Cloud Directory and all configured social identity provider sources, regardless if they are enabled or disabled from Configuration > Identity sources.

      You can assign a disabled identity source but it will not be available as a sign-in option until it is enabled.

    2. Select the policy that determines how users can access the application.

      You can continue to use the default access policy that is assigned, which is Allow access from all devices. Alternatively, you can select from the list of predefined access policies. For more information, see Access policies.

Entitlements

Note: This tab is not displayed until you save your application.

To assign who can access and use the application instance, see Managing application entitlements (by Administrator).

Privacy

Note: This tab is not displayed until you save your application.

The purposes and EULAs are displayed with name, description, tags, attributes that they include, and status.

  1. Add a purpose or EULA.
    1. Click Add purposes.
    2. Select the checkbox for the purpose or EULA that you want to add. You can select more than one.
    3. Click Add purposes.
  2. Remove a purpose or EULA.
    1. Click Add purposes.
    2. Select the checkbox for the purpose or EULA that you want to remove. You can select more than one.
    3. Click Remove.