Managing sign-in options

You can specify the identity sources that are available at login for user and administrator work flows in Cloud Identity.

Before you begin

To enable FIDO2 or QR code login options for the identity sources, you must configure them separately. See Managing FIDO2 devices and QR login passwordless authentication.

About this task

The work flows are determined by the URL paths that are used to connect to Verify.

This task does not apply to social identity providers. See Managing identity providers for the types of identity sources that you can add and manage the sign-in options for.

Note: For federated and non-federated users, passwordless authentication, whether FIDO2 or QR, retrieves only data that is in the Cloud Directory registry. Fine grained attributes that are not in the federated record of user, for example the group membership of a user, are not available with passwordless authentication. To synchronize fine grained attributes like group membership, see IBM Security Verify Bridge for Directory Sync.

Procedure

  1. Select Security > Sign-in options
    The table displays the name and realm of the identity sources that are available and whether they are displayed for the administrator or user.
  2. Edit the sign-in options for an identity source.
    1. Select the identity source, click the menu icon, and select Edit sign in options.
    2. Select or clear the check boxes to determine whether the identity source is shown to the user or administrator at login.
    3. Use the toggle to determine whether FIDO2 devices or QR codes can be used for user or admin login.
      Note: To hide a sign-in option, it must be toggled off in all the identity sources that are shown to the users or administrators. If you do not want users to see the option to sign in with a QR code, it must be off for users in all the identity sources that are shown. If it is set to On in one of the sources, it is displayed as a sign-in option even though it is set to Off in all the others. Identity sources that exist but are not shown, do not affect the sign-in options.
    4. Click Save.
  3. Edit an identity source.
    If you need to modify an identity source, you can link directly to the identity source configuration page.
    1. Select the identity source, click the menu icon, and select Edit identity source.
    2. Modify the identity source.
      See Managing identity providers.
    3. Click Save.