Safeguard.sh Documentation Center
SSO AuthenticationSAML 2.0

IBM Security Verify

Configure IBM Security Verify as a SAML 2.0 identity provider for Safeguard.

IBM Security Verify

  1. In the IBM Security Verify admin console, go to Applications → Add application → Custom Application → SAML 2.0.
  2. Under Sign-on, set Assertion consumer service URL to the ACS URL Safeguard shows after Save and Entity ID to the SP Entity ID Safeguard shows after Save.
  3. Set Name ID format to Email, mapped from the user's email attribute.
  4. Under Attribute mapping, add an attribute named email mapped from the user's email attribute — separate from the Name ID format setting above.
  5. Copy the SSO URL and Issuer, and download the signing certificate, from the app's Sign-on tab.
  6. In Safeguard, click Add Provider → SAML 2.0 → IBM Security Verify, and enter those three values.
  7. Assign the application to the entitled users/groups under the app's Access tab.
  8. Click Test in Safeguard to confirm.

Common errors: a "SAML response validation failed" error at Safeguard usually means the Entity ID entered in Safeguard doesn't exactly match the Issuer IBM Security Verify sends (this comparison is case-sensitive).

On this page