IdPs management
Published On Jun 14, 2024 - 10:57 AM

Identity providers are another way to manage access and privileges.
The identity providers (IdP) page helps you to manage access and privilege requirements. You can manage the out-of-the-box IdP or add new ones to connect to your external user repositories. Since the Kyndryl Bridge may contain multiple IdPs, you can add, edit, and delete different IdPs. The benefit of IdPs is that you can quickly add primary and secondary access providers to securely manage your Kyndryl Bridge services and applications. To understand which roles and permissions are required, see Roles and permissions.

Accessing the IdP page

To access the identity provider settings page, follow these steps:
  1. Access the IAM page.
  2. Select Identity Provider from the left navigation bar of the page. The identity provider page opens.
  3. Once in the IdP page, you can perform a series of actions to personalize your IdP settings including the following:
    1. Adding a new IdP
    2. Editing an existing IdP
    3. Deleting an existing IdP
    4. Changing the primary IdP

Adding a new IdP

  1. Click Add New.
  2. Select Add Identity Provider. The Add Custom ID Provider page opens.
  3. Enter a Name.
  4. Add a Display Name.
  5. Select the authentication protocol.
    1. OpenID
    2. SAML2.0
  6. Based on the protocol chosen, complete the following information:
    SAML
    • Protocol binding: Select one of the following options
      • HTTP post
      • HTTP redirect
    • NameID Format: Select one of the following options
      • Unspecified
      • Email address
      • Persistent
      • Transient
    • App federation metadata: Select one of the following options
      • URL: enter the URL.
      • XML file: upload the XML file.
    OpenID
    • Add the Client ID
    • Add the Client secret
    • Add an Issuer
    • Add an Authorization endpoint
    • Enter the Token endpoint
    • Scopes: select the authorization scopes from the dropdown list.
  7. Advanced settings: The claim mappings file maps a set of attribute claims. Email invitations are enabled by default, and you may choose to disable them by clicking Advanced Settings at the top right side of the page to set up the following IdP settings. Simply make your edits and close the advanced settings page by clicking the X icon.
    1. Invitation options: when email invitations are required, the user must use the email link to log in for the first time. When email invitations are optional, the user can log in with or without the email invitation.
    2. Invitation validation options.
    3. Trusted domains: the domains that the identity provider trusts to authenticate users.
    4. Peer trust domains.
    5. Authorization options. Select between External authorization or Internal authorization.
    6. Groups delimiter.
    7. Hide IdP.
    8. Form: Select the standard claim from the dropdown list.
      1. SAML: Add a custom claim.
      2. OpenID: Fill out the subject claim.
    9. File upload: Upload the attributes and claim file.
  8. Click Save.

Editing an existing IdP

  1. Click the overflow menu next to the IdP you want to edit.
  2. Select Edit.
  3. Make the necessary updates.
  4. Click Save to finish.

Deleting an existing IdP

  1. Click the overflow menu next to the IdP you want to delete.
  2. Select Remove.
  3. Confirm the deletion.

Changing the primary IdP

If you have added several IdPs to your platform and want to change which is your primary IdP, follow these steps:
  1. Click the overflow menu next to the IdP you want to make primary.
  2. Select Make Primary.