How to configure Flex Appliance as a service provider with the IBM Security Verify identity provider

Article: 100054221
Last Published: 2022-12-20
Product(s): Appliances

Description

Prerequisite:

Before you configure single sign-on, you must import the certificate from the Flex Appliance Console as a signer certificate on the IBM Security Verify Portal. Use the following steps:

1. Follow the steps in the following article to create an X.509 certificate from the Flex Appliance metadata file: www.veritas.com/support/en_US/article.100054258

2. Sign in to the IBM Security Verify portal.

3. On the left panel, click Security and select Certificates.

4. Under signer certificates, click Add signer certificate.

5. Upload the certificate file, enter a name, and click Save.

Once the certificate is added as a signer certificate, it can be selected to authenticate SAML requests and responses during single sign-on configuration.

 

Steps to configure Flex Appliance as a service provider with the IBM Security Verify identity provider

1. Sign in to the IBM Security Verify portal.

2. Click Add Applications and select Custom application.

3. Enter the details for the new custom application, including the name, the description, etc. You can also add users as owners of the application based on the IBM ID.

4. Click the Sign-on tab and enter the details of the service provider. Refer to the metadata file that you obtained from the Flex Appliance Console. Enter the entity ID, the assertion consumer service URL, and the single logout URL in the respective text boxes.


5. Enter mapping attributes to choose which attributes are sent as part of the assertion.

Note: When you add the IDP configuration to the Flex Appliance IDP configuration page, the values that you enter for the User and the Group must match the SAML attributes that are mapped to the userPrincipalName and the memberOf attributes. The userPrincipalName must be in email format.

The SSO attribute mappings generate SAML responses, which are sent to the Flex Appliance.

6. Under the Certificates section, check the three options to enable verification of the SAML request and the response.

7. Under Service provider signer certificate, select the signer certificate that you added during the prerequisite steps.

8. Optional: Veritas recommends that you select Encrypt assertion under Encryption options so that the assertions that are sent from the IDP are encrypted. Select the Flex Appliance auth service certificate that you added earlier to specify the key to encrypt with.

9. Click Save to finish configuring the identity provider.

10. In the section on the right side of the Sign-on tab, locate Configure third party SaaS application as the service provider (SP). Scroll down to the text "Upload the identity provider federation metadata, which you can download from the following URL:". Download the metadata from this URL.

Upload this metadata file on the Flex Appliance Console when you add or edit the identity provider information.

Note: If you entered the single logout URL during this configuration, when you sign out of the Flex Appliance Console, you are also signed out of the identity provider.
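The values requested in step 4 can be read out of the service provider metadata file programmatically rather than copied by hand. The following is an added example, not Veritas or IBM code: it extracts the entity ID, the default assertion consumer service URL, and the single logout URL, and flags any endpoint that is not HTTPS. The sample metadata, the host flex.example.com, and the function name sp_fields are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata: flex.example.com and the paths are placeholders,
# and the certificate bodies inside the KeyDescriptor elements are omitted.
SAMPLE_METADATA = f"""\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://flex.example.com/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption"/>
    <md:SingleLogoutService Binding="{POST}"
        Location="https://flex.example.com/sp/slo"/>
    <md:AssertionConsumerService index="1" Binding="{POST}"
        Location="https://flex.example.com/sp/acs-alt"/>
    <md:AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="https://flex.example.com/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_fields(metadata_xml):
    """Return (fields, warnings) for the Sign-on tab from SP metadata XML."""
    root = ET.fromstring(metadata_xml)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 service provider metadata")
    acs_list = sp.findall(MD + "AssertionConsumerService")
    if not acs_list:
        raise ValueError("no AssertionConsumerService endpoint in metadata")
    # Pick the endpoint marked as default, otherwise the lowest index.
    acs = min(acs_list, key=lambda e: (e.get("isDefault") not in ("true", "1"),
                                       int(e.get("index", "0"))))
    slo = sp.find(MD + "SingleLogoutService")
    fields = {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "slo_url": slo.get("Location") if slo is not None else None,
        "key_uses": sorted(k.get("use", "any")
                           for k in sp.findall(MD + "KeyDescriptor")),
    }
    # SAML endpoints carry assertions, so anything other than HTTPS is flagged.
    warnings = [f"{name} is not HTTPS: {fields[name]}"
                for name in ("acs_url", "slo_url")
                if fields[name] and urlparse(fields[name]).scheme != "https"]
    return fields, warnings
```

The key_uses list shows whether the metadata publishes both a signing and an encryption key, which is what steps 7 and 8 rely on.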

References

JIRA : FLEX-664
