Manage a connection - IBM Cloud Identity Connect - IBM Security Verify

After creating a connection to IBM Cloud Identity Connect, we can test, update, or delete the connection. To administer connections with IBM Cloud Identity Connect, we must first create a user account with sufficient management authorization. To see the Roles and Features used in management authorization, go to the Local Management Interface panel...

The Features tab shows the permissions the role has for each feature. After you connect ISAM to IBM Cloud Identity Connect, the Features entries include IBM Cloud Identity.

Ensure the user account has the necessary roles. The capabilities assigned to each role for IBM Cloud Identity are the same as the capabilities assigned to that role for Federation. For example, the Global Administrator role has Write permission for both Federations and IBM Cloud Identity. Similarly, the Security Viewer role has Read permission (but not Write) for both Federations and IBM Cloud Identity.

Steps

  1. Log in to the LMI as a user with sufficient administrative privileges to manage the connection to IBM Cloud Identity Connect. Click Cloud Identity.

  2. Complete a management task:

    • Test the connection

      1. In the wizard for IBM Cloud Identity Connect, click the customized URL. For example:

        https://ibm-demo-example.ite1.ice.ibmcloudsecurity.com/ui/launchpad

        We might receive typical browser warnings about connection security when the certificate is self-signed. Confirm an exception if necessary.

      2. Log in as an administrative user who has sufficient authorization.

        When the connection is successful, the IBM Cloud Identity Connect launchpad is displayed in a new browser tab.

    • Updating the connection

      We can use the Update feature to export updated metadata from IBM Security Verify Access to IBM Cloud Identity Connect. For example, we might change information that we need to export, such as a label for the SSL certificate. The update feature does not create ISAM artifacts on the appliance. For example, if the default Cloud Identity Connect mapping rule or SSL certificates were previously deleted, they are not created as part of the update.

      1. In the wizard for IBM Cloud Identity Connect, click Update connection to IBM Cloud Identity. Click Next and make note of the security code. Click Connect and confirm the identity provider security code.

        When the update succeeds, the LMI displays a success message. If the update fails, review the error message.

        • FBTRBA441E: Unable to successfully complete connecting IBM Security Verify Access to IBM Cloud Identity.

          During the update, IBM Security Verify Access checks the metadata received from IBM Cloud Identity Connect. This message displays if the metadata is invalid.

        • Error: An unexpected error occurred while connecting IBM Security Verify Access to IBM Cloud Identity.

          This error is displayed if IBM Cloud Identity Connect encounters a problem when it imports the Verify Access artifacts or metadata after it initiates the connection.

      2. When prompted, deploy the pending changes.

    • Disconnecting

      Before disconnecting, ensure the IBM Cloud Identity Connect artifacts are not used by any other workflows. The disconnect operation removes the artifacts. Examples of artifacts include mapping rules and SSL certificates.

      1. In the wizard, click Disconnect from IBM Cloud Identity.

        When disconnection completes, the LMI displays a success message and asks whether we want to delete the identity source from IBM Cloud Identity Connect. A link is provided to the delete action.

      2. To delete the identity source at IBM Cloud Identity Connect, click the link, and follow the instructions on the page.
      3. Return to the LMI. When prompted, deploy the pending changes.
