Configuring provisioning for IBM Cloud

Edit online

Provision users from Verify to an IBM Cloud® application.

Before you begin

You need the following prerequisites.
  • An IBM Cloud user with an Organization Administrator role.

About this task

Provisioning provides the following features.
Create new users
New users that are created through Verify are also created in the IBM Cloud application with an account state of "PENDING" until user accepts the invitation that is received through mail.
Note: In order to update the account states on the target, it needs to be mapped to a custom attribute or custom rule. Account state can be set to ACTIVE, VPN_ONLY, SUSPENDED, IAMID_INVALID, or DISABLED_CLASSIC_INFRASTRUCTURE, but it can't be set to PROCESSING or PENDING.
Delete users
Deactivating the user or disabling the user's access to the application through Verify deletes the user in the IBM Cloud application.
Modify user profile
Updates made to the user's profile through Verify are pushed to the IBM Cloud application.
Account suspend and restore
Suspending a user through Verify deactivates the user, and restoring the user through Verify activates the user in the IBM Cloud application.
Account synchronization and remediation
The IBM Cloud application supports user synchronization, remediation, and group synchronization features.
Account synchronization fetches all the target application users in Verify and matches the fetched users with users in Verify. The adoption policy that is defined on the application specifies the matching attributes for adoption of the reconciled users.
Remediation policy can be configured to remediate user accounts with attribute values that differ between Verify and the target application. Verify supports the following three remediation policies.
  • Do not remediate non-compliant accounts automatically.
  • Update Verify account attribute values with the target application values.
  • Update target application account attribute values with Verify values.
Account synchronization fetches all the target application groups in Verify.
Fine grained entitlement
Fine grained entitlement is supported for the IBM Cloud application. Synchronization fetches all the IBM Cloud application. Synchronized fetches all the IBM Cloud application groups. Users can be added to or removed from groups.

Procedure

Log in to IBM Cloud Portal https://cloud.ibm.com/login as a user that has anOrganization Administrator role.
The following parameters are required to configure user provisioning in IBM Security® Verify:
Account ID
  1. Click Manage from the top menu, and then select Account from the drop-down menu.
  2. From the left menu, click Account settings.
  3. Use ID as an Account ID.
API Key
  1. Click Manage from the top menu, and then select Access (IAM) from the drop-down menu.
  2. From the left menu, click API keys.
  3. Click Create an IBM Cloud API key.
  4. Provide a meaningful Name for API key.