Creating a connection

You can create a connection between IBM Security Access Manager and IBM Cloud Identity.

About this task

The Security Access Manager Local Management Interface (LMI) provides a menu entry Connect IBM Cloud Identity. You can establish a free trial subscription to IBM Cloud Identity, or establish a connection between your ISAM deployment and an existing subscription.

Procedure

  1. If you did not previously activate the IBM Security Access Manager Base, activate it now. Click Manage System Settings > Licensing and Activation, and provide the Base activation license. The activation process requires a restart of the LMI.
  2. Click the icon Connect IBM Cloud Identity. If the Federation module is not activated, you are prompted to activate it.
  3. Click Activate Federation module. The Federation module is activated automatically. You do not need to enter an activation license.
  4. Choose one of the following actions:
    • To get a free trial of IBM Cloud Identity, click Get a free trial.

      A new browser window opens and the wizard takes you to the Cloud Identity Trial Request page. Follow the instructions on the page.

    • If you already have a Cloud Identity subscription, connect your ISAM environment to your existing subscription. Continue with the next step.
  5. Click Connect to IBM Cloud Identity. Enter your Point of Contact server: provide the identity provider host name and the reverse proxy junction URI.

    The wizard provides point of contact URLs based on SAML 2.0 federations that exist in the ISAM appliance. Select a suggested URL or enter a different one.

    For example: https://www.mysp.example.com/isam
  6. Make note of the security code that the wizard displays so that you can confirm a match with a security code on the upcoming Cloud Identity management screen. Click Connect. The wizard leaves the LMI, and opens a new browser tab with an IBM Cloud Identity administration page.
  7. Follow the instructions on the IBM Cloud Identity administration page.
  8. Verify that the security code that is shown on the IBM Cloud Identity administration browser tab matches the security code that was shown in the LMI in the previous step. Confirm the security code only if the two codes match. When you confirm the security code, the administration browser tab closes, the wizard returns to the ISAM LMI, and a success message is displayed.
  9. When prompted, deploy pending changes to the LMI. The prompt displays the configuration changes to be deployed, such as a new federation, mapping rule, or SSL certificate.
  10. In the LMI, configure the reverse proxy to set up access between the IBM Cloud Identity federation and the reverse proxy appliances. Click Secure Web Settings > Manage > Reverse Proxy, and then click Manage > Federation Management > Add, and add a federation. For Federation Name, select IBM Cloud Identity.

    When complete, a system notification message indicates that the federation was added successfully.

  11. Deploy the pending changes for the reverse proxy configuration file, and restart the reverse proxy instance.

Results

You successfully connected to IBM Cloud Identity. You can now click Connect IBM Cloud Identity to test the connection, update the connection configuration, or disconnect from IBM Cloud Identity.

By default, users who authenticate to IBM Cloud Identity through IBM Security Access Manager receive IBM Cloud Identity administrator privileges only if they belong to the IBMCloudIdentityAdmins group in IBM Security Access Manager. As an administrator, you can change this behavior by editing the mapping rule.