IBM Security Verify

  • 1.  ISVA act as an IdP without userstore?

    Posted Tue October 12, 2021 12:54 AM
    Hi,

    Is there some functionality in ISVA that requires that the user exist in the user store, or can you go all in with the external user pattern?

    ------------------------------
    Regards Mikael
    ------------------------------


  • 2.  RE: ISVA act as an IdP without userstore?

    Posted Tue October 12, 2021 08:44 AM
    Hello Mikael,

    We have implemented this with the help of blogs from Philip https://philipnye.com/2015/02/25/isam-for-web-without-a-user-registry-new-and-improved/

    And the OAuth config changes can be found there:

    https://community.ibm.com/community/user/security/communities/community-home/digestviewer/viewthread?GroupId=2863&MessageKey=a7a56ee2-cdf8-44a6-9565-f924fc9f871b&CommunityKey=e7c36119-46d7-42f2-97a9-b44f0cc89c6d&tab=digestviewer


    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------



  • 3.  RE: ISVA act as an IdP without userstore?

    Posted Wed October 13, 2021 12:06 PM
    Thanks Piyush,

    We use it already; I was just wondering if there is some part of ISVA that does not support it.

    ------------------------------
    Regards Mikael
    ------------------------------



  • 4.  RE: ISVA act as an IdP without userstore?

    Posted Wed October 13, 2021 01:31 PM
    Hi Mikael,

    Most recent capabilities of Verify Access have been designed to work with External Users (and Basic users) in addition to the standard users of old.
    Here are the limitations I know about:

    - Cannot assign an external user directly to an ACL (but can dynamically assign to a group that is in the ACL, which is the right way to do ACLs anyway).

    - Cannot manage validity of the account (rely on the external source to only pass valid users).

    - External users cannot use the built-in "Global Sign-On" capability (storage of user/password for backend systems). However, there is a new REST Service interface for integration with an external/bespoke service for managing this data.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------