1Kosmos integrates with IBM Security Verify as a SAML 2.0 identity provider, replacing password-based login with biometric authentication for IBM-managed applications.

Integration type: SSO


Overview

IBM Security Verify (formerly IBM Security Access Manager / ISAM and IBM Cloud Identity) is an enterprise IAM platform that provides SSO, MFA, and access governance for workforce and customer identity. 1Kosmos integrates with IBM Security Verify as a SAML 2.0 identity provider, allowing IBM-managed applications to delegate authentication to 1Kosmos biometrics.

The configuration is performed in the IBM Security Verify administration console under Applications → Add application → Custom Application. The Sign on tab is where the SAML connector type, SP Entity ID (Provider ID), ACS URL, and signing settings are configured.

After the application is saved and activated, IBM generates metadata that can be exported and imported into AdminX to complete the federation trust.


Prerequisites

  • Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.

  • IBM Security Verify tenant: Administrator access to the IBM Security Verify Admin Console with permissions to add and manage applications.

  • User accounts synchronized: User accounts must exist in IBM Security Verify with email addresses matching 1Kosmos records before testing SSO.

  • 1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.


Configuration values

Values to collect from 1Kosmos AdminX (IdP) for IBM Security Verify:

| Field | Where to find it |
| --- | --- |
| SAML Metadata URL or XML | AdminX → Settings → IdP Configuration → Metadata URL |
| SSO URL | AdminX → Settings → IdP Configuration → Single SignOn Service URL |
| IdP Entity ID | AdminX → Settings → IdP Configuration → Core Configuration |
| Signing Certificate (PEM) | AdminX → Settings → IdP Configuration → View Certificate → Public Key |

Values to collect from IBM Security Verify (SP) for AdminX:

| Field | Where to find it |
| --- | --- |
| ACS URL (Assertion Consumer Service URL) | IBM Verify Admin Console → Applications → [your app] → Sign on tab → SP details or exported metadata |
| SP Entity ID (Provider ID) | Same Sign on tab; the unique identifier for the SP application in IBM Verify |

Integration steps

Step 1: Add a Custom SAML Application in IBM Security Verify

  • Log in to the IBM Security Verify Admin Console and navigate to Applications → Add application.

  • Select Custom Application and enter an application name and company name. Click Next.

  • On the Sign on tab, confirm the connector type is set to SAML 2.0.

  • In the instructions panel on the right, enter the SP Provider ID (Entity ID) and ACS URL for the application being protected (or leave the IBM Verify test SP values in place if testing). AdminX uses these SP details as the destination for its SAML assertions.

  • Upload the 1Kosmos signing certificate or paste the IdP metadata URL in the Identity Provider section to import 1Kosmos as the IdP. Save and activate the application.

Step 2: Export IBM Security Verify metadata

  • After saving the application, download the IBM Security Verify SP metadata XML. This file contains the ACS URL and Entity ID required for AdminX.

Step 3: Add IBM Security Verify as a SAML application in AdminX

  • Log in to the AdminX portal and navigate to Applications → Add Application.

  • Select SAML 2.0 Generic and click Add integration. Enter "IBM Security Verify" as the Application Name and the IBM Verify login URL as the Application Access URL.

  • Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and NameID Value to email. Add claims for email, first name, and last name. Enable Assertion signing and click Save.

  • Enter the IBM Security Verify SP Entity ID and ACS URL from the exported metadata.

Step 4: Test the integration

  • Navigate to the IBM Security Verify application or login page and initiate SSO. Confirm you are redirected to 1Kosmos, authenticate biometrically, and are returned to the IBM-managed application.
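The metadata file exported in Step 2 can be read programmatically before its values are typed into AdminX in Step 3. The following is an added example, not 1Kosmos or IBM code: it pulls the SP Entity ID and HTTP-POST ACS URL out of standard SAML 2.0 SP metadata and flags settings that conflict with this guide. The sample metadata, its hostnames and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample SP metadata; hostnames and paths are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/sp">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Return the values AdminX needs plus a list of findings to review."""
    # Stdlib parser: use a hardened one (e.g. defusedxml) for untrusted files.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not a SAML 2.0 SP metadata document")
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                            int(e.get("index", "0"))))
    acs_url = acs[0].get("Location")
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    findings = []
    if urlparse(acs_url or "").scheme != "https":
        findings.append("ACS URL is not HTTPS")
    if sp.get("WantAssertionsSigned") not in ("true", "1"):
        findings.append("SP does not declare WantAssertionsSigned")
    if formats and EMAIL_FORMAT not in formats:
        findings.append("SP does not list the emailAddress NameID format")
    return {"sp_entity_id": root.get("entityID"), "acs_url": acs_url,
            "nameid_formats": formats, "findings": findings}
```
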


Attribute mappings

| Source (1Kosmos) | Target (IBM Security Verify) | Description |
| --- | --- | --- |
| user.email | email / NameID | Primary identifier for user lookup |
| user.firstName | firstName | User first name |
| user.lastName | lastName | User last name |

Integration notes

IBM Security Verify can act as both an IdP and an SP. In this integration, 1Kosmos is the IdP and IBM Security Verify is the SP, meaning 1Kosmos authenticates the user and sends a signed assertion to IBM Verify, which then grants access to the connected application.

If your organization uses IBM Security Verify as the central IAM hub with dozens of downstream applications, configuring 1Kosmos at the IBM Verify layer means all connected applications benefit from biometric authentication through a single integration point.

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.
