Access Manager Adv. Access Control

Access Manager Adv. Access Control Courses:

Configuring Advanced Access Control (AAC) module and enabling mobile demo application

The Advanced Access Control (AAC) functionality of IBM Access Manager is not enabled by default. The AAC module must be purchased and activated to enable this functionality.This lab provides procedures to activate and configure the Advanced Access Control module.
Access Manager appliance has a built-in live mobile demonstration application that is useful for demonstrating the AAC use cases. This lab also covers the steps to enable the live demo application.

Course revision - 1.0

SEC9764


Configuring silent and consent-based device registrations using one-time password (OTP)

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

Context-based access transactions using FORM (POST) parameters

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

Context-based access transactions using REST (JSON) parameters

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

Securing APIs using OAuth authorization code, implicit and ROPC grant flows

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

Configuring And Using OAuth Token Introspection Endpoint

IBM Access Manager provides OAuth 2.0 token introspection endpoint to support functions specified in RFC7662. The OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server. For example, determining if the token is still active or accessing additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

Using JSON Web Tokens (JWT) As OAuth Access Tokens

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.

Configuring and using the SCIM interface
NEW

IBM Security Access Manager (ISAM) provides SCIM-based web services for user and group management. In this course, you use the SCIM Configuration page in the Access Manager Local Management Interface (LMI) to configure the SCIM capabilities. Then, you secure the SCIM endpoints using a Reverse Proxy. You also enable the built-in SCIM demonstration application that uses SCIM calls for user management.