Verify Access user

The Verify Access user configurations enable the SCIM web service to manage the ISAM security entities.

When Verify Access integration is enabled, the SCIM web service can perform the following operations to manage ISAM identity:

This function is implemented through the urn:ietf:params:scim:schemas:extension:isam:1.0:User schema. The data that is available as a part of this schema can be obtained from the SCIM schema web service.
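The schema data mentioned above can be used to review which attributes of the extension a SCIM client is able to set before the integration is enabled. The following Python is an added example, not part of the product documentation: it reads a SCIM schema response in the RFC 7643 layout and lists the attributes of the urn:ietf:params:scim:schemas:extension:isam:1.0:User schema that are not read-only. The sample response and its placeholder attribute names are constructed; the function names are hypothetical.

```python
import json

ISAM_USER_SCHEMA = "urn:ietf:params:scim:schemas:extension:isam:1.0:User"

# Constructed /Schemas response in the RFC 7643 section 7 layout. The attribute
# names are placeholders, not the attributes the product actually defines.
SAMPLE_RESPONSE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "Resources": [
        {"id": "urn:ietf:params:scim:schemas:core:2.0:User",
         "attributes": [{"name": "userName", "type": "string"}]},
        {"id": ISAM_USER_SCHEMA,
         "attributes": [
             {"name": "placeholderId", "type": "string", "mutability": "immutable"},
             {"name": "placeholderFlag", "type": "boolean"},  # mutability omitted
             {"name": "placeholderSecret", "type": "string", "mutability": "writeOnly"},
             {"name": "placeholderGroups", "type": "complex", "mutability": "readOnly",
              "subAttributes": [
                  {"name": "value", "type": "string", "mutability": "readOnly"}]},
         ]},
    ],
})


def find_schema(response_text, schema_id):
    """Return the Schema resource with the given id, or None if it is absent."""
    doc = json.loads(response_text)
    # Accept either a ListResponse or a single Schema resource.
    for resource in doc.get("Resources", [doc]):
        if resource.get("id") == schema_id:
            return resource
    return None


def attribute_mutability(attributes, prefix=""):
    """Map dotted attribute names to mutability; RFC 7643 defaults to readWrite."""
    result = {}
    for attr in attributes:
        name = prefix + attr["name"]
        result[name] = attr.get("mutability", "readWrite")
        result.update(attribute_mutability(attr.get("subAttributes", []), name + "."))
    return result


def client_settable(schema):
    """Names a SCIM client can supply a value for (everything except readOnly)."""
    mutability = attribute_mutability(schema.get("attributes", []))
    return sorted(name for name, mode in mutability.items() if mode != "readOnly")
```

An attribute that omits mutability counts as readWrite, so it appears in the result alongside the immutable and writeOnly ones.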

The Verify Access user configuration only works in conjunction with the user profile configuration if the LDAP registry and suffix used by the user profile configuration are known to ISAM (either as the ISAM user registry or a federated user registry).

Steps

  1. From the top menu, go to AAC > Manage > SCIM Configuration.

  2. Click Verify Access User.

  3. Modify the following settings as needed.

      Enable Verify Access Integration
      Select this check box to enable the integration with ISAM and the management of ISAM users.

      Verify Access User Registry
      The name of an LDAP server connection. This LDAP server connection should reference the Security Verify Access user registry.

      This server connection is a pointer to an LDAP server connection that has been defined in the Advanced Access Control LDAP server connections page. This field contains a list of the available LDAP server connections and ISAM server connections. If an LDAP type is selected, it is used directly as the SCIM LDAP server. If a Verify Access Runtime type is selected, the bind details in the server connection are used along with the configured Verify Access Runtime LDAP server.

      Important: The selected server connection must contain the bind details for the Runtime Component LDAP server. Ensure that you configure the Runtime Component before you attempt to do this.

      This field is required.

      Type
      This field shows the server connection type for the selected LDAP server.

      If the server connection type is LDAP, the server connection is used as is. If the server connection type is Verify Access Runtime, the bind details in the server connection are used along with the configured Verify Access Runtime LDAP server.

      Verify Access Domain
      The ISAM domain name. The default value for this field is Default.

      Update Native Users
      This option defines whether the uid attribute of the native user entry is updated with the ISAM user identity when an ISAM user is created. Enabling this option allows Security Verify Access to authenticate users with their Security Verify Access user identity.

  4. Click Save to save the changes. Due to the caching of configuration data within the runtime, it might take up to 30 seconds before any deployed configuration changes become active.
