IdPs management
4 min
manage and configure identity providers (idps) to streamline access control and integrate with external user repositories the identity providers (idp) page helps you to manage access and privilege requirements you can manage the out of the box idp or add new ones to connect to your external user repositories since the kyndryl bridge may contain multiple idps, you can add, edit, and delete different idps the benefit of idps is that you can quickly add primary and secondary access providers to securely manage your kyndryl bridge services and applications to understand which roles and permissions are required, see roles and permissions docid\ ics69b2oesewnrtsmbi3w accessing the idp page click the global menu icon click settings and select service the page opens select identity provider from the left navigation bar of the page the identity provider page opens once in the idp page, you can perform a series of actions to personalize your idp settings including the following adding a new idp editing an existing idp deleting an existing idp changing the primary idp adding a new idp click add new select add identity provider the add custom id provider page opens enter a name add a display name select the authentication protocol openid saml2 0 based on the protocol chosen, complete the following information \<font color="#f3f4f6">saml\</font> \<font color="#f3f4f6">open id\</font> protocol binding select one of the following options http post http redirect add the client id nameid format select one of the following options unspecified email address persistent transient add the client secret app federation metadata select one of the following options url enter the url xml file upload the xml file add an issuer add an authorization endpoint enter the token endpoint scopes select the authorization scopes from the dropdown list advanced settings the claim mappings file maps a set of attribute claims email invitations are enabled by default, and you may choose to disable them by clicking advanced settings at the top right side of the page to set up the following idp settings simply make your edits and close the advanced settings page by clicking the x icon invitation options when email invitations are required, the user must use the email link to login for the first time when email invitations are optional, the user can login with or without the email invitation invitation validation options trusted domains the domains that the identity provider trusts to authenticate users peer trust domains authorization options select between external authorization or internal authorization groups delimiter hide idp form select the standard claim from the dropdown list saml add a custom claim openid fill out the subject claim file upload upload the attributes and claim file click save editing an existing idp click the overflow menu next to the idp you want to edit select edit make the necessary updates click save to finish deleting an existing idp click the overflow menu next to the idp you want to delete select remove confirm the deletion changing the primary idp if you have added several idps to your platform and want to change which is your primary idp, follow these steps click the overflow menu next to the idp you want to make primary select make primary