IBM Security Verify

  • 1.  SAML SSO

    Posted Mon August 31, 2020 09:07 AM
    Hey Everyone,
     
    I am new to SAML and SSO, so I have a query on this.

    I have onboarded a federated SSO application in ISAM 9.0.7 and it seems to be working fine. But the only thing that concerns me is that SSO only works for users who already have access to the application and the necessary roles in ISIM.
     
    But shouldn't it be that if a user has the necessary roles in ISIM, he should be able to get into the application with his SSO credentials whether or not he already exists in the application? Shouldn't he be created in the application automatically?

    Any suggestions would be greatly appreciated 🙂

    ------------------------------
    Thanks,
    Vishal Mahajan
    ------------------------------


  • 2.  RE: SAML SSO

    Posted Mon August 31, 2020 09:57 AM
    Hi Vishal...

    I'm not sure I completely understand your scenario. Are you saying you'd expect a User to be able to log in to ISIM even when the User doesn't have an ISIM Account (and/or the ISIM Account should be created automatically)?

    Typically, our customers that use both ISAM and ISIM (with ISAM providing SSO to ISIM) have ISIM configured to provision both ISIM and ISAM Accounts when Users are onboarded. After that point, the Users can authenticate to ISAM and access ISIM when/if needed.
    Since it appears your users are federated via some external application, you could create an ISIM datafeed that pulls data from that external federation, which would create the Users/Accounts in ISIM.

    ------------------------------
    Grey Thrasher
    IBM
    ------------------------------