Custom application

To implement single sign-on, you need to provide IBM® Security Verify or another configured Identity Provider with information about the application. Verify provides a predefined template for each of the applications that it supports. If you can’t find a predefined template for your application, use the Custom Application template instead.

The Custom Application template requires almost the same set of information that is found in a predefined template, except that most of it isn’t automatically populated.

General information

Select Applications > Applications. Hover over an application name and select the Settings icon. On the General tab, specify the basic information about the custom application. See Setting the basic application details.

Single sign-on configuration

In the General settings, enable or disable the function. Select whether the application is displayed or not displayed on the launchpad. You must complete the Description field. Complete the Company name and Theme fields.
Note: If the application owners want more permissions, select Add owner to associate more people with the application for interoperability.
On the Sign-on tab:
  1. Select the Sign-on Method and provide the information for this requirement.
    Table 1. Sign-on Method
    Sign-on Method Descriptions
    Application Bookmark
    Select this type to create:
    • Any application that doesn’t support SAML but you still want to display the application on the user home page for the user to access.

      In this scenario, IBM Security Verify starts the application from its URL without using SAML.

    • Any on-premises application that is configured for single sign-on using your on-premises IBM Security Verify Access solution.

      In this scenario, if the user is authenticated with IBM Security Verify Access, then the user can access the on-premises application from the same home page.

    You need to specify the URL of the web page that is started when a user selects the application from the IBM Security Verify home page.

    SAML 2.0

    Select this type to configure SAML sign-on on any application that supports SAML.

    See Configuring SAML single sign-on in the identity provider for information about enabling SAML in IBM Security Verify.

    OpenID Connect 1.0

    Select this type to configure OpenID Connect sign-on for any application that supports OpenID Connect.

    See Configuring OpenID Connect single sign-on in the custom application for information about enabling OpenID Connect in IBM Security Verify.

  2. Configure the access policies.
    1. Choose the identity providers that users can use to sign in to this application. These providers are defined from Configuration > Identity providers.
      Table 2. Identity providers
      Identity providers options Descriptions
      Allow all enterprise identity providers that are enabled for users
      Includes the following types of enterprise identity providers that are configured and enabled as a sign-in option for users:
      • Cloud Directory
      • IBMid
      • OnPrem LDAP
      • SAML Enterprise
      • Identity providers
        Note: For more information about this provider, see OIDC enterprise

      It does not include social identity providers.

      Select specific supported Identity provider.

      Includes Cloud Directory and all the configured identity providers, regardless of whether they are enabled or disabled from Configuration > Identity providers.

      You can assign a disabled identity provider, but it is not available as a sign-in option until it is enabled.

      For more information about SSO enablement, see Single Sign-On Configuration.

    2. Select the policy that determines how users can access the application.

      You can continue to use the default access policy that is assigned, which is Allow access from all devices. Alternatively, you can select from the list of predefined access policies. For more information, see Access policies.

Entitlements

Note: This tab is not displayed until you save your application.

To assign who can access and use the application instance, see Managing application entitlements (by Administrator).

Privacy

Note: This tab is not displayed until you save your application.

The purposes and EULAs are displayed with name, description, tags, attributes that they include, and status.

  1. Add a purpose or EULA.
    1. Select Add purposes.
    2. Select the checkbox for the purpose or EULA that you want to add. You can select more than one.
    3. Select Add purposes.
  2. Remove a purpose or EULA.
    1. Select Add purposes.
    2. Select the checkbox for the purpose or EULA that you want to remove. You can select more than one.
    3. Select Remove.