IBM Technical Exchange India Security User Group


Identity Linking in IBM Security Verify

By Nilesh Atal posted Thu May 13, 2021 05:10 AM

  
Introduction

IBM Security Verify offers a unique feature that links a user's various accounts into one identity. This gives the user the same experience regardless of which authentication provider he or she logs in with.



Configuration

1. The tenant administrator needs to configure the 'Primary identity source' for the tenant. By default it is set to 'Cloud Directory'.
  • Log in to Verify as Tenant administrator
  • Navigate to Configuration > Identity Sources > Global settings

At present, Cloud Directory and SAML identity sources are supported as the Primary identity source.
For this walkthrough, keep Cloud Directory as the Primary identity source.

2. The tenant administrator has also configured a SAML identity source. Details can be found in the SAML knowledge center.

3. Enable identity linking for the SAML identity source
  • Log in to Verify as Tenant administrator
  • Navigate to Configuration > Identity Sources
  • Select the SAML identity source
  • Navigate to the Identity linking section
  • Select the 'Enable identity linking for this identity source' checkbox
  • Select the appropriate Unique user identifier from the list
  • Enable Just-in-time provisioning if a user record needs to be created in the Primary identity source for an authenticating user whose record is not available. If it is not selected, a user whose record is not present in the Primary identity source will not be allowed to authenticate and access protected resources


More details can be found at Identity source configuration

User Experience

Create a user in the Primary identity source

  • Log in to Verify as Tenant administrator
  • Navigate to Users & groups
  • Create a new user whose username matches the existing user in the SAML identity source (ex: jessica@dev-forest.com)


Log in using a user from the secondary identity source

  • In a new browser, access the tenant login page
  • Select the SAML identity source as login option



  • Log in with the SAML user credentials
  • Validate that the user is able to log in successfully



Validate linked user details

  • Log in to Verify as Tenant administrator
  • Navigate to Users & groups
  • Validate the details of the existing user (ex: jessica@dev-forest.com)
  • The user will have the details of the linked user account


Because the new user is linked to the existing user, it will have access to all entitled applications. This ensures that a single user with multiple authentication accounts is treated as a single user in Verify and has the correct entitlements.
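
The linking decision configured in this walkthrough, as a minimal Python model added here for illustration; it is not IBM Security Verify code or its API. The names `login_via_secondary`, `corp-saml`, `crm` and the user bob@dev-forest.com are hypothetical, and the `email` attribute stands in for whichever Unique user identifier is selected.

```python
# Simplified model of identity linking (added illustration, not IBM Security Verify code).
from dataclasses import dataclass, field


@dataclass
class Identity:
    """A record in the primary identity source (constructed model)."""
    username: str
    entitlements: set = field(default_factory=set)
    linked_accounts: list = field(default_factory=list)  # (source, identifier) pairs


class LinkingDenied(Exception):
    """Login rejected: no usable identifier, or no primary record and JIT is off."""


def login_via_secondary(primary, source, attributes, unique_id_attr, jit):
    """Resolve a secondary-source login to an identity in `primary` (dict by username).

    `unique_id_attr` models the 'Unique user identifier' setting and `jit` the
    'Just-in-time provisioning' checkbox.
    """
    identifier = attributes.get(unique_id_attr)
    if not identifier:
        raise LinkingDenied(f"assertion carries no {unique_id_attr!r}")
    identity = primary.get(identifier)
    if identity is None:
        if not jit:
            raise LinkingDenied(f"{identifier} not in primary identity source")
        identity = primary[identifier] = Identity(identifier)  # JIT-created record
    link = (source, identifier)
    if link not in identity.linked_accounts:
        identity.linked_accounts.append(link)
    return identity  # entitlements come from the primary record


def demo():
    # Constructed sample data; "corp-saml", "crm" and bob@... are hypothetical.
    primary = {"jessica@dev-forest.com": Identity("jessica@dev-forest.com", {"crm"})}
    saml = "corp-saml"
    linked = login_via_secondary(primary, saml, {"email": "jessica@dev-forest.com"}, "email", False)
    try:
        login_via_secondary(primary, saml, {"email": "bob@dev-forest.com"}, "email", False)
        denied = False
    except LinkingDenied:
        denied = True
    created = login_via_secondary(primary, saml, {"email": "bob@dev-forest.com"}, "email", True)
    return linked, denied, created
```

In this model a just-in-time record starts with no entitlements, while a login that matches an existing primary user inherits that user's entitlements.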

To learn more, read IBM Security Verify.

---------------------------------------
NILESH ATAL
IBM Security (India Software labs)
---------------------------------------
