Skip to main content

Configuring as an OIDC Relying Party for IBM Security Verify Access

Introduction

IBM Security Verify Access provides user-friendly access management and multifactor authentication to help organizations maintain security as they adopt new technologies. It can be used as an Identity Provider by the IBM Application Gateway (IAG) using the Open ID Connect authentication protocol (as depicted below).

Authorization Code Flow

Prerequisites

Before attempting to configure Security Verify Access as an identity provider for IAG:

  1. You need an IBM Security Verify Access or IBM Security Access Manager 9.0.7.0+ appliance with Federation activated.
  2. You need to create an OIDC Federation including an OIDC Definition and Client. More information on how to create an OIDC Provider (OP) can be found in the IBM Security Verify Access documentation: https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/config/concept/oauth.html. When creating the OIDC Definition and Client you need to take special note of the created client ID and secret, along with the OIDC Definition name.

Configuration

The IBM Security Verify Access configuration is contained within the 'identity/oidc' node of the IAG configuration YAML:

  • A description of the configuration options is available from the oidc page within the YAML reference. A minimal configuration requires the following configuration data:

    • Security Verify Access Discovery Endpoint
    • Client Identity
    • Client Secret
    • IBM Security Verify Access CA certificate
  • An example configuration file is also available in the IBM Security Verify Access Configuration example page.