Developer time to value is critical when building applications. What's even more important is ensuring that the right people are kept out and the right people are allowed in to access the valuable data served by applications. It's critical in today's world that the proper tools enable developers to rapidly build applications and provide robust security capabilities.
Two IBM products that provide that developer experience are IBM Cloud App ID and IBM Cloud Identity.
What is IBM Cloud App ID?
IBM Cloud App ID is a cloud service that allows developers to easily add authentication and authorization capabilities to their applications while all the operational aspects of the service are handled by the IBM Cloud Platform.
App ID is intended for developers that don't need or want to know anything about various security protocols. The service provides capabilities like Cloud Directory (a highly scalable user repository in the cloud), enterprise identity federation, social login, SSO, customizable Login Widget UI, flexible access controls and user profiles, multi-factor authentication, a set of open-sourced SDKs for easy app instrumentation, and more.
A major benefit of using App ID is the deep integration with other IBM Cloud components that creates a seamless experience for easy protection of cloud native applications, including IBM Cloud Kubernetes Service, Cloud Functions, Cloud Foundry, API Connect, Activity Tracker, and more.
What is IBM Cloud Identity?
IBM Cloud Identity is a service that allows you to connect your users (and things) to any application that you have running either inside or outside of the enterprise. That means anything from legacy apps running in your data center to the new cloud native applications you are building for multicloud environments.
Cloud Identity provides tools for developers but also makes it easy for administrators to configure access control policies that can be applied at runtime without modifying the underlying application. In addition to the capabilities you usually expect from an identity service, Cloud Identity provides advanced features like adaptive access, password-less authentication (e.g., FIDO2 and QR code based MFA), API protection, user governance, and more.
Leverage IBM Cloud App ID with an existing IBM Cloud Identity instance
Developers can take advantage of users in IBM Cloud Identity repositories and extend into IBM Cloud App ID capabilities through an IBM Cloud experience. Connecting these two products also allows developers to take advantage of advanced authentication capabilities to build secure applications.
This opens up capabilities that developers can take advantage of, such as a delightful experience of easily adding user authentication to an app, protecting applications running on Kubernetes or OpenShift clusters, getting administrative and authentication events in Activity Tracker, leveraging advanced authentication capabilities, and more.
This video and step-by-step walkthrough provide details on how you can take advantage of the capabilities provided by IBM Cloud App ID and IBM Cloud Identity:
Steps:
1. Starting in the App ID dashboard:
   1.1 Go to SAML 2.0 Federation under Identity Providers.
   1.2 Specify the name you'd like to use for the provider.
   1.3 Click Download SAML Metadata file.
   1.4 Open the downloaded file.
   1.5 Note the entityID property under the <EntityDescriptor> element.
   1.6 Note the Location property under the <AssertionConsumerService> element.
2. Switch to the Cloud Identity Dashboard:
   2.1 Make sure your Cloud Identity instance has at least one user you'll be able to sign in with.
   2.2 Go to Applications and click Add application.
   2.3 Select a Custom Application type and give it a name.
   2.4 Go to the Sign-on tab.
   2.5 Copy the entityID value from 1.5 to the Provider ID box.
   2.6 Copy the Location value from 1.6 to the Assertion Consumer Service URL (HTTP-POST) box.
   2.7 Save your configuration and select users that are entitled to use this application.
   2.8 Switch back to the Sign-on tab.
   2.9 Note the Provider ID value on the right side of the screen.
   2.10 Note the Login URL on the right side of the screen.
   2.11 Note the Signing Certificate on the right side of the screen.
3. Back in the App ID dashboard:
   3.1 Copy the Provider ID value from 2.9 to the entityID box.
   3.2 Copy the Login URL value from 2.10 to the Sign-in URL box.
   3.3 Copy the Signing Certificate value from 2.11 to the Primary Certificate box.
   3.4 Save your settings.
   3.5 Click the Test button to see everything working together.
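The two values noted from the downloaded metadata file (the entityID and the HTTP-POST AssertionConsumerService Location) can be pulled out programmatically rather than by eye, which avoids copying the wrong endpoint when several bindings are listed. The following is an added example, not code from IBM or from the original post; the sample metadata, its entityID and its URLs are constructed placeholders, and the https check is an added assumption about what a correct endpoint looks like.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; entityID and Location values are placeholders.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:sp:placeholder-tenant">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/saml2/artifact"/>
    <AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml2/login-acs"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def extract_sp_values(metadata_xml):
    """Return (entityID, HTTP-POST ACS Location) from SP metadata XML."""
    if "<!DOCTYPE" in metadata_xml:
        # SAML metadata has no DTD; refuse rather than expand entities.
        raise ValueError("unexpected DOCTYPE in SAML metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not an EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    # The Cloud Identity form asks for the HTTP-POST endpoint specifically.
    endpoints = [e for e in root.iter(f"{{{MD_NS}}}AssertionConsumerService")
                 if e.get("Binding") == HTTP_POST]
    if not endpoints:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    # Prefer the endpoint marked isDefault when several are listed.
    endpoints.sort(key=lambda e: e.get("isDefault") not in ("true", "1"))
    location = endpoints[0].get("Location", "")
    if urlparse(location).scheme != "https":
        # Added check: assertions posted here should only travel over TLS.
        raise ValueError(f"ACS Location is not https: {location!r}")
    return entity_id, location


if __name__ == "__main__":
    provider_id, acs_url = extract_sp_values(SAMPLE_METADATA)
    print("Provider ID:", provider_id)
    print("Assertion Consumer Service URL (HTTP-POST):", acs_url)
```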
Feedback and resources
We’d love to hear from you with feedback and questions:
- Reach out directly to the development team on Slack.
- If you have technical questions about App ID, post your question on Stack Overflow and tag your question with ibm-appid.
- For questions about the service and getting started instructions, use the IBM Developer Answers forum. Include the appid tag.
- Open a support ticket in the IBM Cloud menu.
To learn more about the service and get started, check out the following links.