IBM Cloud Docs
Setting IBM IAM authentication

Setting IBM IAM authentication

Set your authentication method to IBMIAM with the REGISTER EXTERNAL AUTHENTICATION SYSTEM SQL statement.

Two factor authentication is not supported with an external authentication system.

See also Managing IAM access for NPSaaS.

Syntax

REGISTER EXTERNAL AUTHENTICATION SYSTEM 'IBMIAM' with { PRODUCTION | STAGING | DEVELOPMENT }

Setting IBM IAM authentication with the web console

  1. Log in to the web console as an admin.

  2. Go to the Query editor.

  3. Register an IBM IAM external authentication system. Specify the PRODUCTION environment type.

    REGISTER EXTERNAL AUTHENTICATION SYSTEM 'IBMIAM' with 'PRODUCTION'
    
  4. Create a user or users with the external authentication method set to IBM IAM as desribed in Creating users.

  5. Verify whether the user was created successfully.

    1. Go to Users and groups > Users.
    2. Locate the user.
    3. Check the Authentication type section for the user.

Setting IBM IAM authentication with the command-line

  1. Connect to NPSaaS as an admin.

    In the example, the 'nzsql' command is used. You can also use the the ODBC or JDBC drivers.

    nzsql -host <nps_host_ip> -u admin -pw XXXXX
    
    Example
    Input Description
    nps_host_ip

    Specifies the IP address of your instance.
    To retrieve NPS HOST IP:

    1. Log in to your IBM Cloud account.
    2. Go to Private endpoints > Service instance details.
    3. Select your instance.
      Your instance IP address is displayed on the page now.
    user Specifies the user name.
    password When MFA is not configured:
    specify the access-key and secret-key for the user.
    When MFA is configured:
    specify the access-key, secret-key, and mfa-code.

    Example:

    nzsql -host X.XX.XXX.XXX -u admin -pw password
    Welcome to nzsql, the IBM Netezza SQL interactive terminal.
    Type:  \h for help with SQL commands
           \? for help on internal slash commands
           \g or terminate with semicolon to execute query
           \q to quit
    
    SYSTEM.ADMIN(ADMIN)=>
    
  2. As admin, register an IBMIAM external authentication system. Specify the PRODUCTION environment type.

    REGISTER EXTERNAL AUTHENTICATION SYSTEM 'IBMIAM' with 'PRODUCTION'
    
  3. Create a user or users with the external authentication method set to IBMIAM.

    CREATE USER USER AUTH EXTERNAL 'IBMIAM';
    

    Example:

    CREATE USER xyz@ibm.com AUTH EXTERNAL 'IBMIAM';
    
  4. Verify whether the user was created successfully.

    \q
    
    nzsql -u '"USER"' -pw PASSWORD
    

    Example:

    \q
    
    nzsql -u '"xyz@ibm.com"' -pw XXXXXXXXXXXXX
    Welcome to nzsql, the IBM Netezza SQL interactive terminal.
    
    Type: \h for help with SQL commands
    ? for help on internal slash commands
    \g or terminate with semicolon to execute query
    \q to quit
    
    SSL enabled connection. Cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, protocol: TLSv1.2
    
    SYSTEM.ADMIN(xyz@ibm.com)=>