Setting the MaaS360 identity provider and user identifier
MaaS360® synchronizes its users' information with Verify to authenticate and authorize users to access native-mobile applications on their devices. The users' information that MaaS360 sends to Verify comes from its own local user registry, or from another identity provider's external user registry. Assign the MaaS360 default identity provider and the unique user identifier to properly provision and map the MaaS360 users in Verify. The user mapping ensures that the MaaS360 users can sign in to their application on their managed devices and in Verify as the same user.
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM® Security Verify administration console as an Administrator.
About this task
- Default Identity Provider
  Assign the MaaS360 identity provider in Verify to map the realm value of the MaaS360 identity provider to its corresponding identity provider in Verify. The realm value indicates the user registry from which the users' information is derived.
  The Default Identity Provider option lists the configured Cloud Directory, SAML Enterprise, and MaaS360 Cloud Extender identity providers. For first-time use, only the Cloud Directory is configured by default.
  Note: Initially, the Cloud Directory is empty except for the user who is designated as the administrator. You must onboard users to populate the Cloud Directory.
  If you want to use a SAML Enterprise identity provider to represent the MaaS360 external user registry, you must first complete Setting the MaaS360 identity provider and user identifier. For example, MaaS360 can use Microsoft Azure Active Directory (Azure AD) as its cloud-based directory. To use Azure AD as the default identity provider, you must add it to the Default Identity Provider selection.
- Unique User Identifier
  Assign the unique user identifier to help identify MaaS360 users who access Verify. The identifier is used together with the realm value to check the Verify cloud directory for users with matching data. If no match is found, the identities of the MaaS360 users are federated in the Verify cloud directory. A user profile is created in the cloud directory when these users sign in to Verify for the first time.
  The Unique User Identifier option consists of:
  - The standard user attributes from Verify, which include the built-in attributes that are defined in .
  - The MaaS360 osUserName@domain, which is a combination of the osUserName and domain attributes that are used in MaaS360.
- Primary Identity Provider
  The identity provider that contains the shadow accounts for the linked identity providers.
  Note: A primary identity provider cannot have identity linking enabled.
Procedure
Results
When users access an application on their MaaS360 managed devices and authenticate with Verify, the users' identities are federated in Verify. You can view the federated users' information in the page. These users have the same Realm value that is assigned to your selected MaaS360 identity provider.