| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2025-04-28 |
IAM access for openpages, App ID, identity provider, IdP |
openpages |
{{site.data.keyword.attribute-definition-list}}
{: #iam-appid}
IBM Cloud service offers multiple external identity provider integration options. For more information, see Which is the right federation option for you?. You can connect your external identity provider to an {{site.data.keyword.cloud}} App ID instance, and then configure that App ID to connect directly to {{site.data.keyword.cloud}} Identity and Access Management (IAM) to federate authentication users of an enterprise to an {{site.data.keyword.cloud}} account. {: shortdesc}
{: #iam-appid-config}
To configure App ID, do the following steps:
-
Configure the integration by doing the steps in the following topic: Configuring App ID with your identity provider.
The topic discusses watsonx, but the steps are the same for {{site.data.keyword.openpages_short}}. {: tip}
-
Get the Realm ID for your identity provider.
Click Manage Access (IAM), and then click Identity providers. Identify your provider, and copy the Realm ID.
-
Ensure that you have an {{site.data.keyword.openpages_short}} instance. If you need to create an {{site.data.keyword.openpages_short}} instance, see Provisioning your IBM OpenPages as a Service environment.
You can integrate more than one {{site.data.keyword.openpages_short}} instance in this account with the same Custom identity provider.
Open a support case for each {{site.data.keyword.openpages_short}} instance requesting for the Custom identity provider integration and include the {{site.data.keyword.openpages_short}} instance CRN and Realm ID that you copied from the previous step in the case. For more information on creating the case, see Creating support cases.
After the support case is addressed from the {{site.data.keyword.Bluemix_notm}} team and is closed, the Custom identity provider integration for the provided {{site.data.keyword.openpages_short}} instance CRN is completed.
{: #iam-appid-users}
The following options are available to give users access to {{site.data.keyword.openpages_short}}:
- Configure dynamic rules to automatically assign users to an access group where the {{site.data.keyword.openpages_short}} access is granted by an {{site.data.keyword.Bluemix_notm}} IAM role, and where the role templates from {{site.data.keyword.openpages_short}} is assigned.
- When users login to the {{site.data.keyword.openpages_short}} instance successfully, they are added to {{site.data.keyword.Bluemix_notm}} IAM. Next, give the users access to {{site.data.keyword.openpages_short}}. For more information, see Managing IAM access for IBM OpenPages.
{: #iam-appid-result}
- For users to access their {{site.data.keyword.openpages_short}} instance, they must follow the steps in the {{site.data.keyword.openpages_short}} UI.
- When the user launches their {{site.data.keyword.openpages_short}} instance, they are redirected for authentication to their Custom identity provider and after successful authentication, the users are logged into {{site.data.keyword.openpages_short}}.