Introduction
IBM Security Verify offers a unique feature to link a user's various accounts as one identity. This gives the user the same experience regardless of which authentication provider they use to log in.
Configuration
1. The tenant administrator needs to configure the 'Primary identity source' for the tenant. By default it is set to 'Cloud Directory'.
- Log in to Verify as the tenant administrator
- Navigate to Configuration > Identity Sources > Global settings
At present, Cloud Directory and SAML identity sources are supported as the Primary identity source.
Let's keep Cloud Directory as the Primary identity source.
2. The tenant administrator has also configured a SAML identity source. Details can be found in the SAML knowledge center
3. Enable identity linking for the SAML identity source
- Log in to Verify as the tenant administrator
- Navigate to Configuration > Identity Sources
- Select the SAML identity source
- Navigate to the Identity linking section
- Select the checkbox Enable identity linking for this identity source
- Select the appropriate Unique user identifier from the list
- Enable Just-in-time provisioning if a user record needs to be created in the Primary identity source for an authenticating user whose record is not available. If it is not selected, a user whose record is not present in the Primary identity source will not be allowed to authenticate and access protected resources
More details can be found at Identity source configuration
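The effect of the Unique user identifier and Just-in-time provisioning settings can be seen in a small model. This is an added example, not IBM Security Verify code: the class and function names, the `uid` attribute, the `corp-saml` source name, the `payroll-app` entitlement and the exact-match rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PrimaryUser:
    username: str
    entitlements: set = field(default_factory=set)
    linked: list = field(default_factory=list)  # (source name, identifier) pairs

@dataclass
class LinkingConfig:
    source_name: str
    unique_user_identifier: str  # assertion attribute chosen in the admin console
    jit_provisioning: bool

def saml_login(directory, cfg, assertion):
    """Model of a login through a SAML source that has identity linking enabled.

    directory: dict username -> PrimaryUser (stands in for the Primary identity source).
    Returns (outcome, user), outcome being 'linked', 'provisioned' or 'denied'.
    """
    ident = assertion.get(cfg.unique_user_identifier)
    if not ident:
        return "denied", None          # assumption: no identifier, no match possible
    user = directory.get(ident)        # assumption: exact, case-sensitive match
    outcome = "linked"
    if user is None:
        if not cfg.jit_provisioning:
            return "denied", None      # no record in the primary source and JIT is off
        user = directory[ident] = PrimaryUser(username=ident)
        outcome = "provisioned"
    link = (cfg.source_name, ident)
    if link not in user.linked:
        user.linked.append(link)
    return outcome, user

def demo():
    # Constructed sample data: one pre-created user holding one entitlement.
    directory = {"jessica@dev-forest.com": PrimaryUser("jessica@dev-forest.com", {"payroll-app"})}
    known, unknown = {"uid": "jessica@dev-forest.com"}, {"uid": "sam@dev-forest.com"}
    strict = LinkingConfig("corp-saml", "uid", jit_provisioning=False)
    jit = LinkingConfig("corp-saml", "uid", jit_provisioning=True)
    results = [saml_login(directory, strict, known)[0],
               saml_login(directory, strict, unknown)[0],
               saml_login(directory, jit, unknown)[0]]
    return results, directory

if __name__ == "__main__":
    print(demo())
```

In this model the SAML login inherits whatever entitlements the matched primary record already holds, while a just-in-time provisioned record starts with none.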
User Experience
Create a user in the Primary identity source
- Log in to Verify as the tenant administrator
- Navigate to Users & groups
- Create a new user whose username matches an existing user in the SAML identity source (e.g. jessica@dev-forest.com)
Log in as a user from the secondary identity source
- In a new browser, access the tenant login page
- Select the SAML identity source as the login option
- Log in with the SAML user credentials
- Validate that the user is able to log in successfully
Validate linked user details
- Log in to Verify as the tenant administrator
- Navigate to Users & groups
- Validate the details of the existing user (e.g. jessica@dev-forest.com)
- The user will have the details of the linked user account
As the new user is linked to the existing user, it will have access to all entitled applications. This ensures that a single user with multiple authentication accounts is treated as a single user in Verify and has the correct entitlements.
To know more, read IBM Security Verify
---------------------------------------
NILESH ATAL
IBM Security (India Software labs)
---------------------------------------