Managing sign-in options

Edit online

You can specify the identity providers that are available at login for user and administrator work flows in Cloud Identity.

Before you begin

To enable FIDO2 or QR code login options for the identity providers, you must configure them separately. See Managing FIDO2 devices and QR login passwordless authentication.

About this task

The work flows are determined by the URL paths that are used to connect to Verify.

This task does not apply to social identity providers. See Managing identity providers for the types of identity providers that you can add and manage the sign-in options for.

Note: For federated and non-federated users, passwordless authentication, whether FIDO2 or QR, retrieves only data that is in the Cloud Directory registry. Fine grained attributes that are not in the federated record of user, for example the group membership of a user, are not available with passwordless authentication. To synchronize fine grained attributes like group membership, see IBM Verify Bridge for Directory Sync.

Procedure

  1. Select Security > Sign-in options
    The table displays the name and realm of the identity providers that are available and whether they are displayed for the administrator or user.
  2. Edit the sign-in options for an identity provider.
    1. Select the identity provider, click the menu icon, and select Edit sign in options.
    2. Select or clear the check boxes to determine whether the identity provider is shown to the user or administrator at login.
    3. Use the toggle to determine whether FIDO2 devices or QR codes can be used for user or admin login.
      Note: To hide a sign-in option, it must be toggled off in all the identity providers that are shown to the users or administrators. If you do not want users to see the option to sign in with a QR code, it must be off for users in all the identity providers that are shown. If it is set to On in one of the sources, it is displayed as a sign-in option even though it is set to Off in all the others. identity providers that exist but are not shown, do not affect the sign-in options.
    4. Click Save.
  3. Edit an identity provider.
    If you need to modify an identity provider, you can link directly to the identity provider configuration page.
    1. Select the identity provider, click the menu icon, and select Edit identity provider.
    2. Modify the identity provider.
      See Managing identity providers.
    3. Click Save.