Configuring Single Sign-on in the OpenID Connect Provider.

Use OpenID Connect for single sign-on to allow applications to verify the identity of their users based on the authentication that is performed by Security Verify. Users do not need to sign up for an account with the application. Instead, they are redirected to Security Verify to log in.

Security Verify verifies the users' identities, sends the information through an ID token, and confirms with the relying party that the users are authorized to access and use the resource.

You can use IBM Developer Portal to easily configure OpenID Connect for your application. IBM Developer Portal allows developers to create applications and to configure and connect them with Security Verify for OpenID Connect single sign-on.

Before you begin

  • Log in to the IBM® Security Verify administration console with an account having administrative entitlements.

About this task

Configure Security Verify and the relying party to talk to each other. To enable OpenID Connect single sign-on, you must provide:

  • Security Verify with certain data from the relying party.
  • The relying party with certain data from Security Verify.

Procedure

  1. Navigate to Applications from the menu.
  2. Click Add Application and select IBM Security Verify: Developer Portal.
  3. Name the Developer Portal application as desired. Navigate to the Settings tab, and select the OpenID Connect grant types that will be available to applications created through the Portal application. Click Save.
  4. Navigate to your homepage and launch the Developer Portal application you just created. Log in if required.
  5. Click Add application, enter your application name and description, and select the grant type(s). Select Register App.
  6. After the application is created, follow the instructions on the App setup page to configure your app.



Alternatively, you can also configure your application manually through Security Verify.

Before you begin

  • Log in to the IBM® Security Verify administration console with an account having administrative entitlements.
  • You must set up the basic information of the application instance before you can configure the sign-on method for the application.

About this task

Configure Security Verify and the relying party to talk to each other. To enable OpenID Connect single sign-on, you must provide:

  • Security Verify with certain data from the relying party.
  • The relying party with certain data from Security Verify.

Procedure

Set up your application with the minimum required fields. For more detailed information about each field, see Configuring single sign-on in the OpenID Connect provider.

  1. Navigate to the Sign-on tab.
  2. In the Sign-on Method, select OpenID Connect 1.0.
  3. Add your Application URL.
    This is the single sign-on initialization URL that is used to log in to the OpenID Connect relying party.
  4. Add your Redirect URI.
    This is the callback URL, the address where Security Verify sends its authentication response to the relying party. Users are redirected to this URL after they are authenticated and authorized by Security Verify.
  5. Check Generate refresh token. This option is not relevant if you selected "Implicit" as the Grant Type.
    This option indicates whether the client application can request and use a refresh token to obtain a new access token from the authorization server of the OpenID Connect identity provider.
  6. Click Save.
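
The relying-party side of the Redirect URI setting, shown as an added example that is not part of the product documentation: it builds an authorization code request and accepts the response only at the registered Redirect URI and only with the `state` issued to the same session. The endpoint, client ID, and URLs are placeholder assumptions, and `session` stands for the application's per-user session store.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): take the real values from the application's
# Sign-on tab and from the provider's published OpenID Connect metadata.
AUTHORIZE_ENDPOINT = "https://tenant.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oidc/callback"  # must equal the registered Redirect URI


def build_authorization_request(session):
    """Start the authorization code flow; state and nonce stay in the user's session."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)  # compared later with the ID token's nonce claim
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url, session):
    """Return the authorization code, or raise ValueError if the response is not acceptable."""
    expected = urlsplit(REDIRECT_URI)
    got = urlsplit(callback_url)
    if (got.scheme, got.netloc, got.path) != (expected.scheme, expected.netloc, expected.path):
        raise ValueError("response arrived at an address other than the Redirect URI")
    query = parse_qs(got.query)
    # state is single use: remove it before comparing so a replayed response fails
    stored = session.pop("state", None)
    returned = query.get("state", [""])[0]
    if not stored or not hmac.compare_digest(stored.encode(), returned.encode()):
        raise ValueError("state does not match this session")
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then exchanged at the token endpoint, and the ID token's signature, issuer, audience, expiry, and nonce are checked before the user is treated as signed in.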