Configuring the Verify Bridge and the identity source

You can use the IBM® Security Verify user interface to configure the identity agent for Verify Bridge.

About this task

This configuration is for an external Verify Bridge. The configuration data includes attributes that:
  • Enable a running Verify Bridge to connect to an IBM Security Verify tenant.
  • Read its Verify hosted configuration.
  • Connect to its target identity data repository.
  • Periodically post its health status back to Verify.
The Verify Bridge configuration also includes a reference to the identity source configuration to which it is related.
Note: An agent must not be related to more than one identity source.

Procedure

  1. Select Integrations > Identity agents.
  2. Click Create agent configuration.
  3. For purpose, select Authentication.
  4. Click Next.
  5. Configure the connection settings.
    1. Provide the following information to define the LDAP connection properties.
      External LDAP host URI
      This attribute is the on-premises LDAP server connection information. For a cluster LDAP fail-over setup, you can add multiple LDAP server URIs by clicking ADD URI.
      LDAP bind DN
      This attribute is the LDAP server connection user.
      LDAP bind password
      This attribute is the LDAP server connection password.
      LDAP certificate authority certificate
      This optional attribute is the SSL certificate that is used if the on-premises agent requires a TLS connection to the LDAP server.
      View additional settings
      You can define the following settings.
      • The maximum number of simultaneous LDAP connections for the LDAP server.
      • How long the connection is maintained.
      • The idle time before the LDAP server closes a connection.
      • The maximum time to process a request.
  6. Click Next.
  7. Provide the user properties.
    Attributes
    This attribute is a list of comma-separated LDAP user attributes that are returned from a successful password verify operation.
    Binary attributes
    This attribute is a list of comma-separated binary LDAP user attributes that are returned from a successful password verify operation.
    Username attribute
    This attribute is the naming attribute, such as user ID, that is used to look up a user for password verification.
    Object class
    This attribute is a list of comma-separated object classes that the LDAP user can have. The object classes are used with the username attribute to look up a user for password verification.
  8. Select Next.
  9. Map the identity provider attributes from the identity provider to the Verify Cloud Directory attributes.
    After you create the identity agent, you can change or update the mappings by using the edit function (pencil icon) on the agent's tile.
  10. Select Next.
  11. In Finalize configuration, provide the following information.
    • A unique and recognizable name for the agent
    • A description
    • A display name for the identity provider
    • A realm for the identity provider
  12. Optional: Select View advanced settings to add configuration attributes or to select a certificate for encryption.
  13. Click Save and continue.
  14. In Next steps, do the following steps.
    1. Select View API credentials and use the copy to clipboard icon to copy and store the Client ID and Client secret.
    2. If not already downloaded, download the agent from IBM X-Force App Exchange.
    3. Add your API credentials to the agent configuration.
  15. Click Finish.
    The Verify Bridge configuration is added to Identity agents and the identity provider is listed in Authentication > Identity providers.
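
The user properties in step 7 (Username attribute and Object class) together determine which LDAP entry is looked up for password verification. The following sketch is an added example, not IBM code: it assumes the lookup is a filter that matches the username attribute and any one of the listed object classes, and shows how to build that filter from the comma-separated field values so it can be checked against the directory before the agent configuration is saved. The function names and sample values are hypothetical.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Short attribute / object class names only: a letter, then letters, digits, hyphens.
_DESCR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_value(value):
    """Escape a login name so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_list(raw):
    """Split a comma-separated field as typed in the UI and reject bad names."""
    names = [part.strip() for part in raw.split(",") if part.strip()]
    for name in names:
        if not _DESCR.match(name):
            raise ValueError(f"not a valid LDAP name: {name!r}")
    return names


def build_lookup_filter(username_attr, object_classes, username):
    """Assumed composition: (any listed object class) AND (username attribute)."""
    attr = split_list(username_attr)
    if len(attr) != 1:
        raise ValueError("exactly one username attribute is expected")
    classes = split_list(object_classes)
    if not classes:
        raise ValueError("at least one object class is required")
    if not username:
        raise ValueError("empty username")
    oc = "".join(f"(objectClass={c})" for c in classes)
    if len(classes) > 1:
        oc = f"(|{oc})"  # the user can have any one of the listed classes
    return f"(&{oc}({attr[0]}={escape_value(username)}))"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(build_lookup_filter("uid", "inetOrgPerson, person", "jdoe"))
    print(build_lookup_filter("sAMAccountName", "user", "smith (contractor)*"))
```

Running the resulting filter with the configured bind DN should return exactly one entry per user; several matches indicate that the username attribute is not unique under the chosen object classes.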