IBM Security Verify

BlokSec can be configured as an inbound federation identity provider (also known as a social provider) for your IBM Security Verify tenant, and can also be configured to enable user mapping within the IBM admin console.

The BlokSec ↔ IBM Security Verify integration enables authentication via the SAML protocol. Configuration involves steps on both the BlokSec admin console and the IBM Security Verify console.

Prerequisites

• A BlokSec admin account with permission to create applications
• An IBM Security Verify tenant with admin access

Setup

1. Create the IBM Security Verify application in BlokSec

1. Sign in to the BlokSec admin console as a user with admin privileges
2. From the dashboard, click + Add Application and select Create From Template
3. Select the IBM Security Verify template
4. Complete the application details and click Submit:

Field	Value
Name	IBM Verify (or your preferred name)
SSO Type	OpenID Connect
Redirect URIs	Leave blank for now
Post Logout Redirect URIs	Leave blank for now

5. Click back into the newly created application to open its configuration
6. Click Generate App Secret, then note the Application ID and Application Secret — these are required when registering the application with IBM Verify

2. Configure BlokSec as an identity source in IBM Security Verify

1. Sign in to the IBM Security Verify admin console as a user with admin privileges
2. Navigate to Configuration → Identity Sources
3. Click Add Identity Source and select SAML Enterprise from the dropdown
4. Complete the identity provider configuration with the following values:

General Settings

Field	Value
Name	BlokSec yuID Passwordless (or your preferred name)
Realm	bloksec

From Identity Provider

Field	Value
SAML Single Sign-On flow initiated by	Service Provider
XML Metadata	Upload the metadata XML exported from the BlokSec admin console

To Identity Provider

5. Click the Download link to save the IBM Security Verify metadata file
6. From that metadata file, copy:
   • The Entity ID URI
   • The Assertion Consumer Service URI
7. Click Save

Note

Keep the IBM Security Verify metadata file open — you will need the Entity ID URI, Assertion Consumer Service URI, and X.509 certificate value in the next step.

3. Complete the BlokSec application configuration

1. Return to the IBM Security Verify application in the BlokSec admin console, click the gear icon in the upper right, and select Edit Application
2. Enter the Entity ID copied from the IBM Security Verify metadata in the previous step
3. Enter the Assertion Consumer Service URL copied from the IBM Security Verify metadata
4. Check Request Signed
5. Paste the X.509 Certificate value from the IBM Security Verify metadata XML into the certificate field
6. Click Submit to save the changes

Tip

The X.509 certificate value is found inside the <X509Certificate> element in the IBM Security Verify metadata XML file. Copy only the certificate content itself, without the surrounding XML tags.

Verifying the integration

1. Open a private/incognito browser window
2. Navigate to your IBM Security Verify tenant login page
3. Select BlokSec (or your configured identity source name) as the sign-in method
4. Approve the sign-in on the BlokSec mobile app
5. Confirm you are successfully authenticated into IBM Security Verify

Test before rolling out

Verify the integration with a single user account before communicating the change to your organization. Make sure the test user has the BlokSec app installed and their account fully provisioned.