Connection overview

The Connection feature establishes a federation between an IBM® Verify Identity Access deployment and IBM Verify.

IBM Verify Identity Access contains several modules, including a Federation module. The Federation module provides features such as SAML 2.0 runtime and SAML 2.0 federation management. The connectivity to IBM Verify uses these Federation features, in addition to other features such as mapping modules. The Federation module must be activated before IBM Verify Identity Access users can access IBM Verify.

Activation of the Federation module usually requires a separate license. However, when you create a connection to IBM Verify, you can activate the Federation module without a Federation license. In this case, your entitlement to the Federation module is limited solely to use of a connection to IBM Verify.

You can use a wizard to automatically create the artifacts that are needed to connect to IBM Verify. You do not have to specify any values. Take note of the names of the artifacts. After the connection is fully configured, you can use the local management interface (LMI) to customize them for your deployment.

Table 1. IBM Verify connection artifacts
Type of artifact | Configuration entry | Value
Federation | IBM Verify Federation | ibmci
Mapping rule | IBM Verify mapping rule | ibmci
SSL Certificate | IBM Verify Personal SSL Certificate | Certificate label ibmci_federation

The wizard exports IBM Verify Identity Access configuration information to IBM Verify, and imports IBM Verify configuration information to IBM Verify Identity Access.

Table 2. Exported and imported configuration information

Exported configuration information
Identity Provider federation metadata | The metadata necessary for communication between the identity provider and service provider, for single sign-on.
Single Sign On Initialization URL | The URL that starts the IP-initiated single sign-on during the sign-on flow.
Redirect URL | The URL to return the IBM Verify artifacts to IBM Verify Identity Access.
Security code | The one-time security code that the IBM Verify administrator must confirm during the configuration.

Imported configuration information
Service Provider federation metadata | The service provider federation metadata, from IBM Verify, necessary for communication between the identity provider and service provider, for single sign-on.
Administration URL | The URL that is used to access IBM Verify for configuration and administration tasks.
  • After you create a connection, you can test, update, or delete the connection. You can audit connection and disconnection events.
  • When you conduct IBM Verify Identity Access administration actions, ensure that you do not delete any of the artifacts that are used in the connection to IBM Verify. For example, in addition to mapping rules and keys, your connection might use an attribute source if you edited the federation to use attribute mapping. In this case, ensure that the needed attribute source is retained.
  • You can check for any known limitations with the Connection feature on the IBM Support site:

    https://www.ibm.com/support/docview.wss?uid=swg22001494