Creating a connection

You can create a connection between IBM® Verify Identity Access and IBM Verify.

About this task

The Verify Identity Access Local Management Interface (LMI) provides a menu entry named Connect IBM Cloud Identity. From this entry, you can establish a free trial subscription to IBM Verify, or establish a connection between your Verify Identity Access deployment and an existing subscription.

Procedure

  1. If you did not previously activate the IBM Verify Identity Access Base, activate it now. Click Manage System Settings > Licensing and Activation, and provide the Base activation license.
    The activation process requires a restart of the LMI.
  2. Click the Connect IBM Cloud Identity icon.
    If the Federation module is not activated, you are prompted to activate it.
  3. Click Activate Federation module.
    The Federation module is activated automatically. You do not need to enter an activation license.
  4. Choose one of the following actions:
    • To get a free trial of IBM Verify, click Get a free trial.

      A new browser window opens and the wizard takes you to the Cloud Identity Trial Request page. Follow the instructions on the page.

    • If you already have a Cloud Identity Connect subscription, connect your Verify Identity Access environment to your existing subscription. Continue with the next step.
  5. Click Connect to IBM Cloud Identity. Enter your Point of Contact server. Provide the identity provider host name and reverse proxy junction URI.

    The wizard provides point of contact URLs based on SAML 2.0 federations that exist in the IBM Verify Identity Access appliance. Select a suggested URL or enter a different one.

    For example, https://www.mysp.example.com/isva
  6. Make note of the security code that the wizard displays so that you can confirm a match with a security code on the upcoming IBM Verify management screen. Click Connect.
    The wizard leaves the Local Management Interface, and opens a new browser tab with an IBM Verify administration page.
  7. Follow the instructions on the IBM Verify administration page.
  8. Verify that the security code that is shown on the IBM Verify administration browser tab matches the security code that was shown in the Local Management Interface in the previous step.
    When you confirm the security code, the administration browser tab closes. The wizard returns to the IBM Verify Identity Access LMI, and a success message is displayed.
  9. When prompted, deploy pending changes to the Local Management Interface.
    The prompt displays the configuration changes to be deployed, such as a new federation, mapping rule, or SSL certificate.
  10. In the Local Management Interface, configure the reverse proxy to set up access between the IBM Verify federation and the reverse proxy appliances. Click Web > Manage > Reverse Proxy, and then click Manage > Federation Management > Add, and add a federation. For Federation Name, select IBM Verify.

    When complete, a system notification message indicates that the federation was added successfully.

  11. Deploy the pending changes for the reverse proxy configuration file, and restart the reverse proxy instance.

Results

You successfully connected to IBM Verify. You can now click Connect IBM Verify to test the connection, update the connection configuration, or disconnect from IBM Verify.

By default, users who authenticate to IBM Verify through IBM Verify Identity Access have IBM Verify administrator privileges only if they belong to the IBMCloudIdentityAdmins group in IBM Verify Identity Access. As an administrator, you can change this behavior by changing the mapping rule.