Managing identity providers
An identity provider is a repository that is used for user authentication and for provisioning accounts. You can configure more than one identity source provider. All configured and enabled identity providers are displayed as options in the Verify Sign In page. Users can sign in to Verify with any of these identity providers.
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM® Security Verify administration console as an Administrator.
About this task
- Cloud Directory
  It uses a user registry that is hosted in the cloud.
  You can add user and group information to this identity provider through .
  This identity provider is used in an outbound SAML single sign-on setup. Verify verifies the user identity against data in this identity provider.
- SAML Enterprise
  It uses a local user registry and exchanges SAML tokens to complete the authentication.
  In a SAML single sign-on, Verify can be either of the following providers:
  - Identity provider
    Verify depends on its own cloud registry or cloud directory as an identity provider.
  - Service provider
    You can integrate Verify with multiple identity providers to authenticate users. Users from external identity providers can single sign on to Verify and their entitled applications without their Verify password.
  This identity provider is used in an inbound SAML single sign-on setup; Verify is the service provider, and the target application is the identity provider.
  You can use any identity provider that supports the SAML protocol as a SAML Enterprise identity provider. The identity provider authenticates the user identity against data in this identity provider before it grants access to Verify.
  Note: When you add a SAML enterprise identity provider, its signer certificate is automatically imported in the page.
- OIDC Enterprise
  Any identity provider that supports the OIDC protocol can be used as an OIDC Enterprise identity provider. The identity provider authenticates the user identity against data in this identity provider before it grants access to IBM Security Verify.
- IBMid
  It uses the IBM identity access and management solution to provide users single sign-on to all of IBM's applications, services, communities, support, and others.
  IBMid is the default sign-in option for first-time administrator sign-in to Verify. Only the Verify administrator can sign in to Verify by using IBMid. This identity provider is not applicable for end user sign-in.
  After first-time administrator sign-in, you can enable the Cloud Directory or the configured SAML Enterprise identity providers as more sign-in options for subsequent administrator sign-in.
- MaaS360 Cloud Extender
  The users' identities are verified against information that is stored in the enterprise repository or local user registry but the authentication request is delegated or passed through a different server or agent.
  The identities of the authenticated users are federated in Verify. You can view their information in .
- Social
  The users' identities are verified against their social network account. A social identity provider can be set up one time and it is used as a sign-in option for applications only. It cannot be used to sign in to the Verify Administrator Console or My Homepage. Verify supports the following social identity providers:
  The identities of the authenticated users are federated in Verify. You can view their information in .
You can show or hide all identity providers from the administrator or end user Sign In page except for social identity providers. If more than one identity provider is enabled and displayed, the user must select which identity provider to use for authentication. For a simple user experience, enable and show only one identity provider. If only one identity provider is enabled, it becomes the default sign-in option for the user. The user does not have to select a preferred identity provider.
https://<hostname>.verify.ibm.com/authsvc/mtfim/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:basicldapuser