Add an IdP
Perform the following steps to add a PKI Identity Provider (IdP):
In the Info tab of the Identity Provider Editor window, specify a Name for the IdP and unselect Enforce Dual Factor.
On the PKI Options tab, select [ Select ]. In the Certificate Selector window, expand the certificate tree you created for this integration, select the CA certificate that signed the IBM Db2 client certificate and KMIP connection pair certificates, and select [ OK ].
Create a role
Perform the following steps to create a role:
In the Info tab of the Role Editor window, configure the following settings:
| Setting | Required configuration |
|---|---|
| Type | Application |
| Name | IBM Db2 |
| Application | 1 |
On the Permissions tab, enable the following permissions for the role:
| Permission | Subpermission |
|---|---|
| Cryptographic Operations | Encrypt, Decrypt |
| Keys | Add, Delete, Export, Modify |
| Secure Key Functions | Clear Export |
Create an identity
Perform the following steps to create an identity:
Go to the Identity Management > Identities menu, right-click anywhere in the window, and select Add > Client Application.
On the Info tab of the Identity Editor window, select Application for the storage location and specify ibmdb2 as the identity name. The identity name must match the Common Name of the client certificate.
On the Authentication tab, remove the default API Key mechanism and select [ Add ] to add a new credential.
On the Configure Credential window, select TLS Certificate in the Type drop-down menu and select the Provider and Mechanism you created. Select [ OK ] to finish configuring the credential.
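The steps above depend on two facts about the IBM Db2 client certificate: its Common Name equals the identity name, and it was signed by the CA certificate selected for the PKI IdP. The script below is an added example, not part of the vendor procedure, that checks both with the `openssl` CLI; the file names `client.pem` and `ca.pem` are placeholders for the files from your own certificate tree.

```shell
#!/bin/sh
# Added example: pre-flight check for the certificate behind the ibmdb2 identity.
# File names are assumptions; substitute the PEM files exported from your PKI.

# Print the subject Common Name of a PEM certificate.
# Fails unless the subject contains exactly one CN.
cert_cn() {
    cns=$(openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
          sed -n 's/^ *commonName *= *//p')
    [ -n "$cns" ] || return 1
    [ "$(printf '%s\n' "$cns" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$cns"
}

# check_identity CLIENT_CERT CA_CERT IDENTITY_NAME
# Returns 0 only if the CN is an exact string match for the identity name and
# the certificate verifies against the CA chosen on the PKI Options tab.
# Return codes: 2 = unreadable CN, 3 = CN mismatch, 4 = not signed by this CA.
check_identity() {
    client=$1 ca=$2 name=$3
    cn=$(cert_cn "$client") || {
        echo "FAIL: cannot read a single CN from $client" >&2; return 2; }
    if [ "$cn" != "$name" ]; then
        echo "FAIL: certificate CN '$cn' does not match identity name '$name'" >&2
        return 3
    fi
    # -partial_chain lets an intermediate CA act as the trust anchor, so the
    # check works whether the signing CA is a root or an intermediate.
    if ! openssl verify -partial_chain -CAfile "$ca" "$client" >/dev/null 2>&1; then
        echo "FAIL: $client does not verify against $ca (wrong CA or expired)" >&2
        return 4
    fi
    echo "OK: CN '$cn' matches and the certificate verifies against the selected CA"
}

# Run the check when called as: sh check_identity.sh client.pem ca.pem ibmdb2
if [ "$#" -eq 3 ]; then
    check_identity "$1" "$2" "$3"
fi
```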

