Connection overview - IBM Cloud Identity Connect

Connection overview - IBM Cloud Identity Connect - IBM Security Verify

The Connection feature establishes a federation between Security Verify and IBM Cloud Identity Connect (ICIC). The ISAM Federation module provides federation management for SAML 2.0 runtime and SAML 2.0. The connectivity to ICIC uses these Federation features, in addition to other features such as mapping modules. The Federation module must be activated before ISAM users can access ICIC. Activation of the Federation module usually requires a separate license. However, when we create a connection to ICIC, we can activate the Federation module without a Federation license. In this case, your entitlement to the Federation module is limited solely to use of a connection to ICIC.
We can use a wizard to automatically create the artifacts needed to connect to ICIC. We do not have to specify any values. Take note of the names of the artifacts. After the connection is fully configured, we can later use the LMI to customize them for your deployment.

Type of artifact Configuration entry Value
Federation IBM Cloud Identity Connect Federation ibmci
Map rule IBM Cloud Identity Connect mapping rule ibmci
SSL Certificate IBM Cloud Identity Connect Personal SSL Certificate ibmci_federation (label)

The wizard exports ISAM configuration information to ICIC, and imports ICIC configuration information to ISAM.

Exported configuration information

Identity Provider federation metadata Metadata used for sso between the identity provider and service provider.
Single Sign On Initialization URL URL that starts the IP-initiated single sign-on during the sign-on flow.
Redirect URL The URL to return the ICIC artifacts to ISAM.
Security code The one-time security code the ICIC administrator must confirm during the configuration.

Imported configuration information

Service Provider federation metadata Metadata from ICIC. Necessary for SSO between the identity provider and service provider.
Administration URL The URL used to access ICIC for configuration and administration tasks.

After creating connection
After creating a connection, we can...

Test, update, or delete the connection.
Audit connection and disconnection events.
Check limitations with the Connection feature on the IBM Support site

When conducting ISAM administration actions, do not delete any of the artifacts used in the connection to ICIC. For example, in addition to mapping rules and keys, the connection might use an attribute source (attribute mapping).

Parent topic: Connect Verify Access to IBM Security Verify

Type of artifact	Configuration entry	Value
Federation	IBM Cloud Identity Connect Federation	ibmci
Map rule	IBM Cloud Identity Connect mapping rule	ibmci
SSL Certificate	IBM Cloud Identity Connect Personal SSL Certificate	ibmci_federation (label)

Identity Provider federation metadata	Metadata used for sso between the identity provider and service provider.
Single Sign On Initialization URL	URL that starts the IP-initiated single sign-on during the sign-on flow.
Redirect URL	The URL to return the ICIC artifacts to ISAM.
Security code	The one-time security code the ICIC administrator must confirm during the configuration.

Service Provider federation metadata	Metadata from ICIC. Necessary for SSO between the identity provider and service provider.
Administration URL	The URL used to access ICIC for configuration and administration tasks.