Adding a device manager

Use this task for a general understanding of the configuration process of a device manager.

Before you begin

Note: The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.

You must have administrative permission to complete this task.
Log in to the IBM Verify administration console as an Administrator.
To be able to use the certificate provider, your tenant must have a vanity hostname. See Obtaining a vanity hostname.

About this task

The steps in this task are generic. See the appropriate topic for the steps to configure a specific device manager.

Note: If you are using macOS Safari, you might encounter an issue in which you are not prompted for the client certificates that are issued by the device manager. To resolve the issue, you must configure the Mac OS Keychain identity preference.

On your Mac OS device, select Keychain Access.
Add an Identity Preference for the client certificate.
Set the identity preference location to tenant authentication URL. Click the keyboard Space and Include the com.apple.safari. For example, https://{mtls_enabled_tenant_name}/usc.

The identity preference is now in Keychain Access > Login > All items and the certificate prompt must be working correctly.

Procedure

Select Authentication > Device managers.
Select Add device manager.
Select the Type of device manager that you want to set up.
Provide the information for the General settings page.
On the API credentials page, enter the API details of your application and test the credentials.
On the User properties page, map the device manager attributes to IBM Verify attributes.

Note: Attribute names are case-insensitive and duplicate attributes are not allowed.
Create the root certificate profile.
Create a SCEP certificate profile.
Set the scopes. Add or remove it depending on availability.
Test the configuration.
Select Complete setup.