You can create a connection between IBM Security Access Manager and IBM Cloud
Identity.
About this task
The Security Access Manager Local Management Interface (LMI) provides a menu entry
Connect IBM Cloud Identity. You can establish a free trial subscription to
IBM Cloud Identity, or establish a connection between your ISAM deployment and an existing
subscription.
Procedure
- If you did not previously activate the IBM Security Access Manager Base, activate it now. Click
Manage System Settings > Licensing and Activation, and provide the Base
activation license. The activation process requires a restart of the LMI.
- Click the icon Connect IBM Cloud Identity. If the Federation module is not activated, you are prompted to activate it.
- Click Activate Federation module. The Federation module is activated automatically. You do not need to enter an activation
license.
- Choose one of the following actions:
- Click Connect to IBM Cloud Identity. Enter your Point of Contact server.
Provide the identity provider host name and reverse proxy junction URI.
The wizard provides point of contact URLs based on SAML 2.0 federations that exist in the ISAM
appliance. Select a suggested URL or enter a different one.
For example, https://www.mysp.example.com/isam
- Make note of the security code that the wizard displays so that you can confirm a match with a
security code on the upcoming Cloud Identity management screen. Click
Connect. The wizard leaves the LMI, and opens a new browser tab with an IBM Cloud Identity
administration page.
- Follow the instructions on the IBM Cloud Identity administration page.
- Verify that the security code that is shown on the IBM Cloud Identity administration browser
tab matches the security code that was shown in the LMI in the previous step. When you confirm the security code, the administration browser tab closes. The wizard returns
to the ISAM LMI, and a success message displays.
- When prompted, deploy pending changes to the LMI. The prompt displays the configuration changes to be deployed, such as a new federation,
mapping rule, or SSL certificate.
- In the LMI, configure the reverse proxy to set up access between the IBM Cloud Identity
federation and the reverse proxy appliances. Click Secure Web Settings > Manage > Reverse
Proxy, and then click Manage > Federation Management > Add, and
add a federation. For Federation Name, select IBM Cloud Identity.
When complete, a system notification message indicates that the federation was added
successfully.
- Deploy the pending changes for the Reverse Proxy configuration file, and restart the reverse
proxy instance.
Results
You successfully connected to IBM Cloud Identity. You can now click Connect IBM Cloud
Identity to test the connection, update the connection configuration, or disconnect from
IBM Cloud Identity.
By default, users who authenticate to IBM Cloud Identity through IBM Security Access Manager
have IBM Cloud Identity administrator privileges only if they belong to the
IBMCloudIdentityAdmins group in IBM Security Access Manager. As an administrator,
you can change this behavior by changing the mapping rule.