Verify Access user

The Verify Access user configurations enable the SCIM web service to manage the Security Verify Access security entities.

About this task

When Verify Access integration is enabled, the SCIM web service can perform the following operations to manage Security Verify Access identity:

  • Import a user to the secAuthority=<Domain> suffix
  • Delete a user from the secAuthority=<Domain> suffix
  • Enable or disable a user account
  • Change a user's password
  • Mark a user password as invalid

This function is implemented through the urn:ietf:params:scim:schemas:extension:isam:1.0:User schema. The data that is available as a part of this schema can be obtained from the SCIM schema web service.
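The following is an added example, not code from the product or its documentation: it reads a Schema resource for this extension and builds an RFC 7644 PatchOp body only for attributes the schema marks as writable. The sample schema and its attribute names (identity, accountValid, passwordValid) are constructed assumptions; use the definition returned by the SCIM schema web service in your deployment.

```python
import json

ISAM_USER_URN = "urn:ietf:params:scim:schemas:extension:isam:1.0:User"
PATCH_OP_URN = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample of a Schema resource (RFC 7643 section 7 layout).
# The attribute names are assumptions for illustration; retrieve the real
# definition from the SCIM schema web service of your deployment.
SAMPLE_SCHEMA = json.loads("""
{
  "id": "urn:ietf:params:scim:schemas:extension:isam:1.0:User",
  "attributes": [
    {"name": "identity",      "type": "string",  "mutability": "immutable"},
    {"name": "accountValid",  "type": "boolean", "mutability": "readWrite"},
    {"name": "passwordValid", "type": "boolean", "mutability": "readWrite"}
  ]
}
""")

_PY_TYPES = {"string": str, "boolean": bool, "integer": int}


def writable_attributes(schema):
    """Map attribute name -> SCIM type for attributes a client may modify."""
    if schema.get("id") != ISAM_USER_URN:
        raise ValueError("not the Verify Access user extension schema")
    return {a["name"]: a["type"] for a in schema.get("attributes", [])
            if a.get("mutability") in ("readWrite", "writeOnly")}


def build_patch(schema, changes):
    """Build a PatchOp body; reject unknown, non-writable or mistyped attributes."""
    allowed = writable_attributes(schema)
    ops = []
    for name, value in changes.items():
        if name not in allowed:
            raise ValueError(f"{name!r} is not writable in {ISAM_USER_URN}")
        expected = _PY_TYPES.get(allowed[name])
        # Exact type match, so True is never accepted where an integer is expected.
        if expected is None or type(value) is not expected:
            raise TypeError(f"{name!r} expects SCIM type {allowed[name]}")
        ops.append({"op": "replace", "path": f"{ISAM_USER_URN}:{name}", "value": value})
    return {"schemas": [PATCH_OP_URN], "Operations": ops}


if __name__ == "__main__":
    print(json.dumps(build_patch(SAMPLE_SCHEMA, {"accountValid": False}), indent=2))
```

Validating against the retrieved schema before sending keeps a client from attempting writes to attributes the service does not expose as modifiable.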

The Verify Access user configuration works in conjunction with the user profile configuration only if the LDAP registry and suffix used by the user profile configuration are known to Security Verify Access (either as the Security Verify Access user registry or a federated user registry).

Procedure

  1. From the top menu, go to AAC > Manage > SCIM Configuration.
  2. Click Verify Access User.
  3. Modify the following settings as needed.
    Enable Verify Access Integration
    Select this check box to enable the integration with Security Verify Access and the management of Security Verify Access users.
    Verify Access User Registry
    The name of an LDAP server connection. This LDAP server connection should reference the Security Verify Access user registry.

    This server connection is a pointer to an LDAP server connection that has been defined in the Advanced Access Control server connections page.

    This field contains a list of the available LDAP server connections and Verify Access Runtime server connections.

    If an LDAP type is selected, it is used directly as the SCIM LDAP server.

    If a Verify Access Runtime type is selected, the bind details in the server connection are used along with the configured Verify Access Runtime LDAP server.
    Important: The selected server connection must contain the bind details for the Runtime Component LDAP server. Ensure that you configure the Runtime Component before you attempt to do this.

    This field is required.

    Type
    This field shows the server connection type for the selected LDAP server.

    If the server connection type is LDAP, the server connection is used as is. If the server connection type is Verify Access Runtime, the bind details in the server connection are used along with the configured Verify Access Runtime LDAP server.

    Verify Access Domain
    The Security Verify Access domain name. The default value for this field is Default.
    Update Native Users
    This option defines whether the uid attribute of the native user entry is updated with the Security Verify Access user identity when a Security Verify Access user is created. Enabling this option allows Security Verify Access to authenticate users with their Security Verify Access user identity.
  4. Click Save to save the changes.
    Note: Due to the caching of configuration data within the runtime, it might take up to 30 seconds before any deployed configuration changes become active.