Connection overview - IBM Cloud Identity Connect - IBM Security Verify
The Connection feature establishes a federation between Security Verify and IBM Cloud Identity Connect (ICIC). The ISAM Federation module provides federation management for SAML 2.0 runtime and SAML 2.0. The connectivity to ICIC uses these Federation features, in addition to other features such as mapping modules. The Federation module must be activated before ISAM users can access ICIC. Activation of the Federation module usually requires a separate license. However, when we create a connection to ICIC, we can activate the Federation module without a Federation license. In this case, your entitlement to the Federation module is limited solely to use of a connection to ICIC.
We can use a wizard to automatically create the artifacts needed to connect to ICIC. We do not have to specify any values. Take note of the names of the artifacts. After the connection is fully configured, we can use the LMI to customize them for the deployment.
| Type of artifact | Configuration entry | Value |
|---|---|---|
| Federation | IBM Cloud Identity Connect Federation | ibmci |
| Map rule | IBM Cloud Identity Connect mapping rule | ibmci |
| SSL Certificate | IBM Cloud Identity Connect Personal SSL Certificate | ibmci_federation (label) |
The wizard exports ISAM configuration information to ICIC, and imports ICIC configuration information to ISAM.
Exported configuration information
- Identity Provider federation metadata: Metadata used for SSO between the identity provider and service provider.
- Single Sign On Initialization URL: URL that starts the IP-initiated single sign-on during the sign-on flow.
- Redirect URL: The URL to return the ICIC artifacts to ISAM.
- Security code: The one-time security code the ICIC administrator must confirm during the configuration.
Imported configuration information
- Service Provider federation metadata: Metadata from ICIC. Necessary for SSO between the identity provider and service provider.
- Administration URL: The URL used to access ICIC for configuration and administration tasks.
After creating connection
After creating a connection, we can:
- Test, update, or delete the connection.
- Audit connection and disconnection events.
- Check limitations with the Connection feature on the IBM Support site.
When conducting ISAM administration actions, do not delete any of the artifacts used in the connection to ICIC. For example, in addition to mapping rules and keys, the connection might use an attribute source (attribute mapping).