Configuring IBM Security Verify as a service provider

Use this task to configure IBM® Security Verify as a service provider for Windows Active Directory.

Procedure

  1. Log in to Verify as an administrator.
  2. Click Configuration > Identity Sources.
  3. Click Add identity source.
  4. Select SAML Enterprise from the menu and click Next.
  5. Provide a unique name for the SAML integration.
    Type a name that clearly identifies the new identity source, such as ABCXYZ Corp ADFS.
  6. Optional: Provide the name of your realm.
    For a SAML Enterprise identity source, the realm value can be any unique name that you assigned when you created the identity source.
    For example, www.ABCXYZ.com.
  7. Click the enable icon.
  8. Click Next.
  9. Select Identity Provider.
  10. Enter the URL that initiates a SAML connection from the identity provider.
    The URL format is https://ADFS_Server_FQDN/adfs/ls/IdpInitiatedSignOn.aspx?logintoRP=relying party identifier, where ADFS_Server_FQDN is the fully qualified domain name of the ADFS server and the relying party identifier is the actual identifier of the relying party on the ADFS console. To get the identifier, on the ADFS console, navigate to ADFS > Trust Relationships > Relying Party Trusts.
    For example, https://adfs.corp.abcxyz.com/adfs/ls/IdpInitiatedSignOn.aspx?logintoRP=https://abcxyz.verify.ibm.com/saml/sps/saml20sp/saml20
  11. Upload the ADFS metadata file. Click the Identity provider metadata box area to browse to the metadata file that you downloaded previously. Select the file and click Open.
    Alternatively, drag the metadata file into the box area.
  12. Click Next.
  13. Provide the service provider metadata properties to your identity provider.
    You can use either of the options.
  14. Click Next.
  15. Optional: Enable identity linking.
    1. Select the user identifier.
    2. Optional: Enable just-in-time provisioning.
  16. Click Done.
    ABCXYZ Corp ADFS is displayed on the Settings page as an identity source.