Create a connection - IBM Cloud Identity Connect - IBM Security Verify

We can create a connection between IBM Security Verify Access (ISAM) and IBM Cloud Identity Connect (ICIC). The Local Management Interface (LMI) provides a menu entry...

We can establish a free trial subscription or establish a connection between our ISAM deployment and an existing subscription.

Steps

  1. If we did not previously activate the IBM Security Verify Access Base, activate it now. Click...

      Manage System Settings > Licensing and Activation

    Provide the Base activation license. The Base activation process requires a restart of the LMI.

  2. Click the icon...

      Connect IBM Cloud Identity

    If the Federation module is not activated, we are prompted to activate it.

  3. Click Activate Federation module.

    The Federation module is activated automatically. We do not need to enter an activation license.

  4. Choose one of the following actions:

    • To get a free trial of IBM Cloud Identity Connect, click Get a free trial.

      A new browser window opens and the wizard takes us to the Cloud Identity Trial Request page. Follow the instructions on the page.

    • If you already have a Cloud Identity Connect subscription, connect your Verify Access environment to your existing subscription. Continue with the next step.

  5. Click...

      Connect to IBM Cloud Identity

    Enter your Point of Contact server. Provide the identity provider host name and reverse proxy junction URI.

    The wizard provides point of contact URLs based on SAML 2.0 federations that exist in the ISAM appliance. Select a suggested URL or enter a different one. For example...

      https://www.mysp.example.com/isva

  6. Make note of the security code that the wizard displays, so that we can confirm it matches the security code on the upcoming Cloud Identity Connect management screen. Click Connect. The wizard leaves the LMI and opens a new browser tab with an IBM Cloud Identity administration page.

  7. Follow the instructions on the IBM Cloud Identity administration page.

  8. Verify the security code that is shown on the IBM Cloud Identity administration browser tab matches the security code shown in the LMI in the previous step. When you confirm the security code, the administration browser tab closes. The wizard returns to the IBM Security Verify Access LMI, and a success message displays.

  9. When prompted, deploy pending changes to the LMI. The prompt displays the configuration changes to be deployed, such as a new federation, mapping rule, or SSL certificate.

  10. In the LMI, configure the reverse proxy to set up access between the IBM Cloud Identity Connect federation and the reverse proxy appliances. Click Web > Manage > Reverse Proxy, and then click Manage > Federation Management > Add, and add a federation. For Federation Name, select IBM Cloud Identity.

    When complete, a system notification message indicates the federation was added successfully.

  11. Deploy the pending changes for the reverse proxy configuration file, and restart the reverse proxy instance.

You successfully connected to Cloud Identity Connect. We can now click Connect IBM Cloud Identity to test the connection, update the connection configuration, or disconnect from Cloud Identity Connect.

By default, users who authenticate to Cloud Identity Connect through IBM Security Access Manager have Cloud Identity Connect administrator privileges only if they belong to the IBMCloudIdentityAdmins group in IBM Security Verify Access. As an administrator, we can change this behavior by changing the mapping rule.
