Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.
IBM Security Verify (ISV) provides a unique authentication mechanism as "MaaS360 Cloud Extender" for MDM subscribed tenants which allows enterprise users to authenticate using their enterprise credentials to access the secured applications.This feature allows the ISV administrator to configure the authentication mechanism which allows enterprise users to use existing credentials to access the secured applications.Below are the steps to configure the "MaaS360 Cloud Extender" authentication mechanism.Step 1: Install and configure the Cloud ExtenderThe IBM® MaaS360® Cloud Extender® is a lightweight agent which is used to synchronize the users from on-premises corporate directories such as ADFS, Azure etc and the Cloud Identity tenant. Tenant administrator need to install and configure the Cloud Extender® at the corporate directories such as ADFS, Azure etc. Follow the "Cloud Extender Admin Guide" for more details:https://www.ibm.com/support/knowledgecenter/en/SS8H2S/com.ibm.mc.doc/ce_source/concepts/ce_install_container.htmNote: It will take around 10 minutes to synchronize the users from on-premises corporate directories and the Cloud Identity Step 2: Create 'MaaS360 Cloud Extender' identity sourceISV Tenant Administrator need to create a "MaaS360 Cloud Extender" identity source from the ISV Admin console. Details of the parameters to be configured is listed at:https://www.ibm.com/docs/en/security-verify?topic=sources-adding-maas360-cloud-extender-identity-sourceNote: Provide the unique "realm" name which is used to distinguish users from multiple identity sources that have the same user name. Its preferred to set the "realm" as the domain of the enterprise directory where Cloud Extender® is installed.Step 3: Set the Default Identity SourceISV Tenant Administrator need to set the "MaaS360 Cloud Extender" identity source as "Default Identity Source" for IBM MaaS360.From the Admin console navigate to Configuration > Identity Sources > Global Settings. Set the "Default Identity Source" as "MaaS360 Cloud Extender" created in above step. Also enable the Just-in-time user account provisioning so that user record gets created in ISV.Note: The default value for "Default Identity Source" remains as "Cloud Directory". If the "Default Identity Source" is not updated to newly created "MaaS360 Cloud Extender" identity source, then user will not get provisioned correctly in ISV.That's it.... ISV configuration is complete and enterprise users are ready to authenticate with the new identity source.Step 4: Login to IBM Security VerifyAccess the ISV login page which will display the "MaaS360 Cloud Extender" as one of the login option (if multiple login options are configured). User need to provide their enterprise credentials to login.For successful credentials user is allowed to login to ISV and access the protected resources.Note: Login may show error if there is any communication issue between IBM Security Verify and Cloud Extender®. User will be shown error message as:CSIAH0321E The system can't connect to the authentication bridge. Check that the the passthrough configuration is correct.
Configuration > Identity Sources > Global Settings.
CSIAH0321E The system can't connect to the authentication bridge. Check that the the passthrough configuration is correct.
Copy
By
Nilesh Atal
posted