SSO AuthenticationSAML 2.0
IBM Security Verify
Configure IBM Security Verify as a SAML 2.0 identity provider for Safeguard.
IBM Security Verify
- In the IBM Security Verify admin console, go to Applications → Add application → Custom Application → SAML 2.0.
- Under Sign-on, set Assertion consumer service URL to the ACS URL Safeguard shows after Save and Entity ID to the SP Entity ID Safeguard shows after Save.
- Set Name ID format to Email, mapped from the user's email attribute.
- Under Attribute mapping, add an attribute named
emailmapped from the user's email attribute — separate from the Name ID format setting above. - Copy the SSO URL and Issuer, and download the signing certificate, from the app's Sign-on tab.
- In Safeguard, click Add Provider → SAML 2.0 → IBM Security Verify, and enter those three values.
- Assign the application to the entitled users/groups under the app's Access tab.
- Click Test in Safeguard to confirm.
Common errors: a "SAML response validation failed" error at Safeguard usually means the Entity ID entered in Safeguard doesn't exactly match the Issuer IBM Security Verify sends (this comparison is case-sensitive).