Connection overview

The Connection feature establishes a federation between an IBM® Security Verify Access deployment and IBM Security Verify.

IBM Security Verify Access contains several modules, including a Federation module. The Federation module provides features such as SAML 2.0 runtime and SAML 2.0 federation management. The connectivity to IBM Security Verify uses these Federation features, in addition to other features such as mapping modules. The Federation module must be activated before IBM Security Verify Access users can access IBM Security Verify.

Activation of the Federation module usually requires a separate license. However, when you create a connection to IBM Security Verify, you can activate the Federation module without a Federation license. In this case, your entitlement to the Federation module is limited solely to use of a connection to IBM Security Verify.

You can use a wizard to automatically create the artifacts that are needed to connect to IBM Security Verify. You do not have to specify any values. Take note of the artifact names, which are listed in Table 1. After the connection is fully configured, you can use the local management interface (LMI) to customize the artifacts for your deployment.

Table 1. IBM Security Verify connection artifacts

| Type of artifact | Configuration entry | Value |
|---|---|---|
| Federation | IBM Security Verify Federation | ibmci |
| Mapping rule | IBM Security Verify mapping rule | ibmci |
| SSL Certificate | IBM Security Verify Personal SSL Certificate | Certificate label ibmci_federation |

The wizard exports IBM Security Verify Access configuration information to IBM Security Verify, and imports IBM Security Verify configuration information to IBM Security Verify Access.

Table 2. Exported and imported configuration information

| Configuration information | Description |
|---|---|
| **Exported configuration information** | |
| Identity Provider federation metadata | The metadata necessary for communication between the identity provider and service provider, for single sign-on. |
| Single Sign On Initialization URL | The URL that starts the IP-initiated single sign-on during the sign-on flow. |
| Redirect URL | The URL to return the IBM Security Verify artifacts to IBM Security Verify Access. |
| Security code | The one-time security code that the IBM Security Verify administrator must confirm during the configuration. |
| **Imported configuration information** | |
| Service Provider federation metadata | The service provider federation metadata, from IBM Security Verify, necessary for communication between the identity provider and service provider, for single sign-on. |
| Administration URL | The URL that is used to access IBM Security Verify for configuration and administration tasks. |

  • After you create a connection, you can test, update, or delete the connection. You can audit connection and disconnection events.
  • When you conduct IBM Security Verify Access administration actions, ensure that you do not delete any of the artifacts that are used in the connection to IBM Security Verify. For example, in addition to mapping rules and keys, your connection might use an attribute source if you edited the federation to use attribute mapping. In this case, ensure that the needed attribute source is retained.
  • You can check for any known limitations with the Connection feature on the IBM Support site:

    https://www.ibm.com/support/docview.wss?uid=swg22001494