Description
The IBM Security Verify connector uses the IBM Security Verify REST API to discover user identities, groups, and role assignments within an IBM Security Verify (ISV) SaaS or on-premises deployment. It authenticates using OAuth 2.0 client credentials and provides visibility into enterprise identity governance across cloud and on-premises applications.
System Type Classification
| Field | Value |
|---|
| System Type | Directory Service |
| Default Scan Priority | 10 |
Version Support
| OrbisID Edition | Supported |
|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|
| REST API (HTTPS) | 443 TCP | OAuth 2.0 client credentials flow |
What OrbisID Discovers
| Data | Source |
|---|
| User identities | GET /v2.0/Users (SCIM 2.0 endpoint) |
| Groups | GET /v2.0/Groups (SCIM 2.0 endpoint) |
| Group memberships | members array in group records |
| User enabled state | active attribute |
| Access roles | GET /v1.0/accesspolicies |
Connection Requirements
Required Permissions
Register an API client in IBM Security Verify and assign read permissions.
Minimum permissions:
readUsers — enumerate user identitiesreadGroups — enumerate groups and membershipsmanageAllAuthorizations — read access policies (optional, for full role discovery)
Credential Mapping
| OrbisID Field | Value |
|---|
credential.username | ISV OAuth 2.0 Client ID |
credential.password | ISV OAuth 2.0 Client Secret |
system.hostname | ISV tenant URL (e.g., myorg.verify.ibm.com) |
Network Requirements
The OrbisID server must have HTTPS access to the IBM Security Verify tenant on port 443.
Configuration Steps
- In the IBM Security Verify admin console, navigate to Security → API Access → Add API Client
- Grant
readUsers and readGroups entitlements
- Note the Client ID and Client Secret
- Create a Credential in OrbisID:
- Username: Client ID
- Password: Client Secret
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|
| Name | Descriptive name (e.g., IBM Security Verify – Production) |
| OS Type | IbmSecurityVerify |
| System Type | Directory Service |
| Hostname | ISV tenant hostname |
| Credential | The API client credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|
Authentication failed | Invalid client credentials | Verify the Client ID and Secret in the ISV console |
| No users returned | Missing readUsers permission | Add readUsers entitlement to the API client |
403 Forbidden | Entitlements not granted | Review and update API client entitlements |
| Tenant not found | Incorrect hostname | Verify the ISV tenant URL |