Configuring your application in Apple

To use Apple ID as an identity provider, you must configure your application in Apple.

Before you begin

You must have an Apple ID and developer account. Follow the steps in Adding a social identity provider.

About this task

Perform this task to get the following information that is needed to configure Apple as an identity providere in Verify.

Service ID
Key ID
Private key file
Team ID

Procedure

Log in to the Apple developers site at https://developer.apple.com/.
Create an App ID.
1. Click Certificates, Identifiers & Profiles.
2. Click Identifiers.
3. Select App IDs from the menu.
4. Click +.
5. On the Register a New Identifier page, ensure that App IDs is selected and click Continue.
6. Enter a description and a bundle ID.
7. Scroll down through the Capabilities list and select Sign In with Apple.
  Enable as a primary App ID is displayed.
8. Click Continue.
9. Verify that the information is correct and click Register.
Create a Service ID
The Service ID is needed for the Verify Apple identity source configuration.
1. Click Certificates, Identifiers & Profiles.
2. Click Identifiers.
3. Select Service IDs from the menu.
4. Click +.
5. On the Register a New IdentifierService ID page, ensure that Service IDs is selected and click Continue.
6. Enter a description and an identifier.
7. Click Continue.
8. Verify that the information is correct and click Register.
Enter the application domain and return URL.
This step is done after creating the identity source on Verify. See Adding a social identity provider. You need the redirect URL and the tenant name.
1. On the Identifiers page, select the Service ID that you created.
2. Select the service ID that you created.
3. Select Sign in with Apple.
4. Click Configure.
5. On the Web Authentication Configuration page, ensure that the correct Primary App ID is selected.
6. In Domains and Subdomains, enter the verify.ibm.com tenant name and domain.
  For example, mytenantname.verify.ibm.com
7. In Return URLs, enter the redirect URL.
  This URL is available when you create your identity source inVerify.
  For example, https://mytenantname.ice.ibmcloud.com/idaas/mtfim/sps/idaas/login/apple/callback
8. Click Next.
9. Verify the information and click Done.
10. Click Continue.
11. Click Save.
Create a private key for client authentication.
1. Click Certificates, Identifiers & Profiles.
2. Click Keys.
3. Click +.
4. Enter a key name.
5. Select the Sign in with Apple check box.
6. Click Configure.
7. Select the Primary App ID that the key is to be associated with and click Save.
8. Click Continue.
9. Click Register.
10. Click Download to download the key to your computer.
  
  Note: The key can be downloaded once only. Make sure that it is saved.
11. Click Done.
12. Select the key that you just created to view the Key ID.
  This key ID and the key file that you downloaded are needed in the Verify Apple identity source configuration.
Add an email domain.
1. Click Certificates, Identifiers & Profiles.
2. Click More.
3. Click Configure.
4. On the Configure Sign in with Apple for Email Communication page, click Email Sources.
5. Click +.
6. Enter the domain where the emails come from.
  The default Verify domain for emails is iam.ibm.com.
7. Click Next.
8. Click Register.
9. Click Done.
Get the Team ID.
This ID is needed in the Verify Apple identity source configuration.
1. Go to the Account page for the main page.
2. Click Membership to see the Team ID.
  The Team ID is also shown on the Certificates, Identifiers & Profiles page on the upper right.