Configuring Identifier-First-Authentication (IFA)

Edit online

Identifier‑First Authentication (IFA) requires IBM® Verify to collect a user identifier, determine the user’s organization, and route the user to the appropriate identity provider during sign‑in.

Before you begin

  • You must have administrative permission to complete this task.
  • Log in to the IBM Verify administration console.

About this task

This conditional, runtime behavior goes beyond standard authentication settings and must be defined explicitly. Flow designer provides the control needed to configure this logic, allowing you to determine which organization a user belongs to and route users correctly before applying themes to customize the visual login experience.

Procedure

  1. Navigate to User experience > Flow designer.
    Note: Flow designer must be enabled for your tenant and requires the appropriate administration permissions.
  2. Click Import to upload an existing Identifier‑First flow from the IBM Verify resources library
    1. Upload the .json file, and the flow will appear in your list.
  3. Open the imported flow and customize the routing logic:
    1. Prompt for the username (identifier‑first).
    2. Look up the user in your Verify directory.
    3. Determine the user's organization.
    4. Route the user to the correct organization‑specific enterprise IdP.
  4. Click Publish to activate the flow.
  5. Copy the flow trigger URL.
    Note: You will use this in step 2 when you are assigning themes to the IFA.
  6. Use Trace view to confirm that the username lookup, organization detection, and IdP routing work before you continue.

Results

You have successfully configured Identifier-First Authentication (IFA).

What to do next

Assign IFA to themes. See, Assigning Identifier-First Authentication (IFA) to themes.