This article provides information about the SAML based single sign-on (SSO) between IBM Security Verify & IBM Instana Observability SaaS platform. IBM Security Verify tenant is configured as IDP (Identity Provider) and IBM Instana tenant is SP (Service Provider).
IBM Security Verfiy provides the Applications Launchpad to authenticated users where user can access all available cloud applications with seamless user experience by configuring applications to use most commonly federation protocols e.g. SAML or OpenID for SSO.
IBM Security Verify (SaaS) is a cloud base solution for managing customer and workforce identity and access, with features including single-sign-on, multifactor authentication, adaptive AI-based access, password-less access, and lifecycle and consent management.
IBM® Instana Observability (Instana) is a fully automated application performance management (APM) solution designed for the challenges of managing microservice and cloud-native applications. Instana automatically makes your applications and services visible, provides context to that observed information, and then enables you to take intelligent action based on that information.
High level steps which need to be configured are as follows:
- Download the Configuration metadata file from IBM Instana Observability (Service Provider)
- Create an application in IBM Security Verify and upload the Instana Configuration metadata file
- Download the Configuration metadata file from IBM Security Verify (Identity Provider)
- Configure Authentication module on IBM Instana to upload IBM Security Verfiy Configuration metadata file
The detailed configuration steps are outlined below:
(1) Download the Configuration metadata file from IBM Instana Observability (SP)
· Login to the IBM Instana administrator web console and click on Settings icon.
· Click on Authentication tab which shows All available Identity Providers configuration.
· Click on SAML.
· Click on Configuration Metadata button to download the file.
· Also copy the values from Manual setup section which will be required later on IBM Security Verify during SAML configuration.
(2) Create an application in IBM Security Verify and upload the IBM Instana Configuration metadata file
· Login to IBM Security Verify admin console and navigate to Applications configuration section.
· Click Add application and select Custom Application
- Provide application name and other information as necessary
- Click on Sign-on tab
- Set sign-on method to SAML2.0
- Click on Update Metadata file and select the IBM Instana Metadata configuration file
- Select Use identity provider initiated single sign-on
- Set Service provider SSO URL
- Set NameID format and Name identifier to Email
· Click Save which will create the Instana application.
· Click on Entitlements and set as per the business requirements.
You can further customize the SAML configuration as per need to update the encryption & signature options, additional attribute mappings or SAML subject configuration.
(3) Download the Configuration Metadata file from IBM Security Verify (IDP)
· Login to IBM Security Verify admin console and navigate to Applications section
· Navigate to Instana Observability application setting
· Click on Sign-on
· Refer the instructions under “Third party SaaS application SAML2.0 single sign-on (SSO) configuration” to download the metadata file
(4) Configure Authentication module on IBM Instana to upload IBM Security Verfiy Configuration Metadata file
· Login to the IBM Instana administrator web console and click on Settings icon.
· Click on Authentication tab and navigate to SAML under Identity Providers
· Upload the IDP metadata file and Click on Save
For the SP initiated SSO, The IBM Instana tenant will automatically redirect users to IBM Security Verify tenant for authentication first and later redirects back to application.
For the IDP initiated SSO, The IBM Security Verify tenant will authenticate users first and applications Launchpad allows user to access the IBM Instana application.
That’s all you need to achieve SSO between IBM Security Verify and IBM Instana tenant. Easy and quick configuration to improve the user experience while accessing cloud applications via IBM Security Verify.