Cloud Identity API Integration
Cloud Identity supports several multi-factor authentication types including IBM Verify. One advantage of leveraging authentication methods from the cloud is the methods can be updated with newer technology more rapidly, and new methods can be adopted without the need for an ISAM update.
A second advantage is that Cloud Identity supplies both an email gateway and an SMS gateway, for SMS and Email OTP methods.
Instead of redirecting users to Cloud Identity to perform authentication the Cloud Identity API integration within Verify Access can be used. This allows for complete control over the look and feel of the authentication experience.
The API Integration is achieved through a series of Info Mapping rules as well as a new Authentication Mechanism type - Cloud Identity JavaScript. The new mechanism type is very similar to an Info Map mechanism, with a few extra properties.
- Cloud Identity JavaScript
The Cloud Identity JavaScript mechanism can be used to implement authentication and user self care flows between Security Verify Access, Cloud Identity, and the end user.- Authentication flow
One of the Cloud Identity JavaScript mapping rules provided out of the box is the Authentication rule, which operates at a high level as follows.- User Self Care flow
One of the Cloud Identity Javascript mapping rules provided out of the box is the User Self Care rule, which operates at a high level as follows:
Parent topic: Authentication