IBM Security Verify

 View Only
  • 1.  Is there an LDAP/OpenLDAP agent for Verify SaaS?

    Posted 14 days ago
    We are trying to get rid of our on-premise Active Directory. I have one product that supports AD or OpenLDAP for authentication, which I would like to log into using my Verify SaaS credentials.

    Are there any Verify SaaS agents/containers that can accept and hand off LDAP authentication requests to Verify SaaS?

    ------------------------------
    Timothy
    ------------------------------


  • 2.  RE: Is there an LDAP/OpenLDAP agent for Verify SaaS?

    Posted 6 days ago
    One approach, if it is a web application, would be to use the IBM Application Gateway (https://docs.verify.ibm.com/gateway) with Verify SaaS. The IAG can be installed in a Docker/kubernetes/Openshift runtime (running in a data center that you control) and act as a proxy in front of a web app. In the simplest case the IAG would call your Verify tenant to authenticate users against user credentials in the LDAP cloud directory of your tenant. In this scenario your web application would not need to make calls to your Verify SaaS tenant since the IAG would do that for you.

    You can also have your application make calls to Verify SaaS to authenticate users, without using the IAG. There is an IBM Security Learning Academy course which shows how to make these calls using Postman here: (https://www.securitylearningacademy.com/course/view.php?id=5006). The cookbook for that class shows in Chapter 7 how to make calls to Verify SaaS (formerly called CIV) for the initial authentication of a user via password authentication. This is not a direct LDAP call but instead is based on OAuth 2.0, and the steps to define an API client for those API calls with your Verify tenant is covered in Chapter 2 of the cookbook.  (fyi: the IAG option discussed above also uses an API client so it can talk to your Verify tenant).

    ------------------------------
    Carl Hovi
    IBM
    ------------------------------