Configuring GUI details in IBM Security Verify for multi-factor authentication

You can configure the GUI details including the tenant name, Client ID, secret, and user roles in IBM® Security Verify (ISV) to enable the multi-factor authentication feature through ISV. As a first step, you need to create an account in ISV that authenticates your credentials and verifies your email before providing you with access to configure the tenant and client details.

Follow the procedure to configure the GUI client for multi-factor authentication with IBM Security Verify:

  1. Create an account at the following URL: 
    https://www.ibm.com/in-en/products/verify-for-workforce-iam
  2. Click Try free edition.
  3. On the Set up your tenant page, type the tenant name.
    Note: Copy the tenant name. You need it for configuring multi-factor authentication in IBM Storage Scale GUI.
  4. Click Create tenant.
    An email notification from the ISV team confirms that your account is successfully created.
  5. Click Go To IBM Security Verify in the email that you received. The IBM Security Verify GUI is displayed.
  6. On the Welcome page, agree to the terms and conditions.
  7. From the navigation menu, click Security > API access.
  8. Click Add API client.
  9. On the Create API client page, choose the relevant entitlements for the client you are configuring.
    Note: You can use the Select all checkbox to select all the listed entitlements.
  10. Click Next.
  11. On the Custom scope page, select Allow configured scopes only to define scopes to limit access to the access tokens.
  12. Click Next.
  13. On the IP filter page, select Enable IP filtering to limit token creation requests to a specific range of IP addresses.
  14. Click Next.
  15. On the Additional properties page, provide any additional attributes that you need to define for the client.
    Note: Steps 11 - 13 are optional steps.
  16. Click Next.
  17. On the Confirm configuration page, type the client name and provide a description, if necessary. For example, scale-gui.
  18. Click Create API client.
  19. From the navigation menu, click Security > API access and select the API client that you have added in step 17.
  20. Click edit icon to view the configuration details.
  21. From the Configuration list copy the Client ID and Client secret that are automatically generated when the client is created and are available under the API credentials section.
  22. From the navigation menu, select Directory > Users & groups and then click Add user.
  23. On the Add user page, create a user and their related information that includes their mobile number and email address.
    Note:
    • Mobile number is necessary only if you want to enable mobile OTP as an authentication option for the user. If required, the user can change this number later. It is important to provide a number with a valid country code.
    • The username that you add here must be the same as the one configured in IBM Storage Scale GUI.
  24. Click Save.
    Your GUI client is now configured and GUI user is successfully added in the ISV repository.