Managing users
Before a user can access and use partner applications in your organization, a user account profile must be created in the Verify cloud directory.
Before you begin
- You must have access to the Admin console. Both administrators and application owners can manage users. However, application owners are limited to creating, searching, and viewing users.
- Log in to the IBM® Security Verify administration console as an Administrator.
About this task
- Assigned as a member of a group. See Assigning group membership.
- Assigned as an application owner, someone who manages which users or groups can access the application. See Assigning application owners.
- Entitled to access an application. See Managing application entitlements (by administrator or application owner) or Managing application entitlements (by Application Owner).
- , when you add or edit a group.
- General tab, and when you add entitlements in the Entitlements tab from applications settings . , when you add an owner in the
- Cloud directory users
-
Also known as managed users or users with cloud identities.
These users are managed in Verify. You create the user accounts in the page. User data is stored in the IBM Security Verify cloud registry or cloud directory.
- Federated users
-
Also known as users with external identities or federated identities.
These users are managed outside of Verify. You can integrate Verify with on-premises identity provider applications and use their identity source for user authentication and provisioning.
A federated user is automatically provisioned in the Verify cloud directory on the first time that the user logs in to Verify. You can also manually add a profile for the federated user in the cloud directory.
You cannot reset the password of a federated user or add federated users to any group other than the
admin
andapplication owners
group. You cannot edit the user information you, but can change the enabled status of the user.Users with federated identities do not need to provide their passwords to access each application they are entitled. The identity provider validates the user identity and passes only an authentication token to the service provider to establish a trusted communication.