Log in to the application interface with the default Admin identities.

Go to the Identity Management > Identity Providers menu.

Right-click anywhere in the window and select Add > Provider > PKI.

In the Info tab of the Identity Provider Editor window, specify a Name for the IdP and unselect Enforce Dual Factor.

On the PKI Options tab, select [ Select ]. In the Certificate Selector window, expand the certificate tree you created for this integration, select the CA certificate that signed the IBM Db2 client certificate and KMIP connection pair certificates, and select [ OK ].

Select [ OK ] to finish creating the PKI IdP.

Right-click the IdP you just created and select Add > Mechanism > TLS.

On the Info tab, specify a Name for the authentication mechanism.

On the PKI tab, leave all fields set to the default values.

Select [ OK ] to save.

Go to Identity Management > Roles, and select [ Add ].

In the Info tab of the Role Editor window, configure the following settings:

On the Permissions tab, enable the following permissions for the role:

On the Advanced tab, set Allowed Ports to KMIP only.

Select [ OK ] to finish creating the role.

Go to the Identity Management > Identities menu, right-click anywhere in the window, and select Add > Client Application.

On the Info tab of the Identity Editor window, select Application for the storage location and specify ibmdb2 as the identity name.

On the Assigned Roles tab, select the role you created for IBM Db2.

On the Authentication tab, remove the default API Key mechanism and select [ Add ] to add a new credential.

On the Configure Credential window, select TLS Certificate in the Type drop-down menu and select the Provider and Mechanism you created. Select [ OK ] to finish configuring the credential.

Select [ OK ] to finish creating the identity.