Managing a connection

After you create a connection to IBM® Verify, you can test, update, or delete the connection.

About this task

To administer connections with IBM Verify, you must first create a user account with sufficient management authorization.

The Local Management Interface (LMI) panel System > System Settings > Management Authorization displays the Roles and Features that are used in management authorization. The Features tab shows the permissions that the role has for each feature. After you connect IBM Verify Identity Access to IBM Verify, the Features entries include IBM Verify.

Ensure that the user account has the necessary roles. The capabilities that are assigned to each role for IBM Verify are the same as the capabilities assigned to that role for Federation. For example, the Global Administrator role has Write permission for both Federations and IBM Verify. Similarly, the Security Viewer role has Read permission (but not Write) for both Federations and IBM Verify.

Note:
  • If a user tries to modify the connection to IBM Verify but does not have the proper management authorization roles, the LMI displays the error:

    FBTRBA373E The user does not have write permission for this resource

  • By default, the users that authenticate to IBM Verify from IBM Verify Identity Access have IBM Verify administrator privileges only if they belong to the IBMCloudIdentityAdmins group in IBM Verify Identity Access. As an administrator, you can change the behavior by changing the mapping rule.

Procedure

  1. Log in to the LMI as a user with sufficient administrative privileges to manage the connection to IBM Verify. Click Cloud Identity.
  2. Complete a management task:
    • Testing the connection
      1. In the wizard for IBM Verify, click the customized URL. For example:

        https://ibm-demo-example.ite1.ice.ibmcloudsecurity.com/ui/launchpad

        You might receive typical browser warnings about connection security when your certificate is self-signed. Confirm an exception if necessary.

      2. Log in as an administrative user who has sufficient authorization.

        When the connection is successful, the IBM Verify launchpad is displayed in a new browser tab.

    • Updating the connection

      You can use the Update feature to export updated metadata from IBM Verify Identity Access to IBM Verify. For example, you might change information that you need to export, such as a label for the SSL certificate.

      Note: The update feature does not create IBM Verify Identity Access artifacts on the appliance. For example, if the default IBM Verify mapping rule or SSL certificates were previously deleted, they are not created as part of the update.

      1. In the wizard for IBM Verify, click Update connection to IBM Verify. Click Next and make note of the security code. Click Connect and confirm the identity provider security code.

        When the update succeeds, the LMI displays a success message. If the update fails, review the error message.

        • FBTRBA441E: Unable to successfully complete connecting IBM Verify Identity Access to IBM Verify.

          During the update, IBM Verify Identity Access checks the metadata received from IBM Verify. This message displays if the metadata is invalid.

        • Error: An unexpected error occurred while connecting IBM Verify Identity Access to IBM Verify.

          This error is displayed if IBM Verify encounters a problem when it imports the Verify Identity Access artifacts or metadata after it initiates the connection.

      2. When prompted, deploy the pending changes.
    • Disconnecting

      Before you disconnect, ensure that the IBM Verify artifacts are not used by any other workflows. The disconnect operation removes the artifacts. Examples of artifacts include mapping rules and SSL certificates.

      1. In the wizard, click Disconnect from IBM Verify.

        When disconnection completes, the LMI displays a success message and asks whether you want to delete the identity source from IBM Verify. A link is provided to the delete action.

      2. If you want to delete the identity source at IBM Verify, click the link, and follow the instructions on the page.
      3. Return to the LMI. When prompted, deploy the pending changes.