In IBM Cloud Pak for Integration (CP4I) v2021.2, Identity and Access Management (IAM) is part of Foundational Services, which provides authentication and authorization across different modules within CP4I.
When configuring IAM for single sign-on (SSO), the administrator must have administrator access to the IAM service. This is essential for:
Integrating external identity providers (IdPs) such as LDAP, SAML, or OIDC.
Managing user roles and access control policies across the Cloud Pak environment.
Configuring SSO settings for seamless authentication across all IBM Cloud Pak services.
Why Answer D (Access to IAM service as administrator) Is Correct:
IAM service administrators have full control over authentication and SSO settings.
They can configure and integrate identity providers for authentication.
This level of access is required to modify IAM settings in Cloud Pak for Integration.
Explanation of Incorrect Answers:
A. Access to the OpenShift Container Platform console as kubeadmin. → Incorrect
While kubeadmin is a cluster-wide OpenShift administrator, this role does not grant IAM administrative privileges in Cloud Pak Foundational Services.
IAM settings are managed within IBM Cloud Pak, not solely through OpenShift.
B. Access to IBM Cloud Pak for Integration as kubeadmin. → Incorrect
kubeadmin can manage OpenShift resources, but IAM requires specific access to the IAM service within Cloud Pak.
IAM administrators are responsible for configuring authentication, SSO, and identity providers.
C. Access to OpenShift cluster as root. → Incorrect
Root access is not relevant here because OpenShift does not use root users for administration.
IAM configurations are done within Cloud Pak, not at the OpenShift OS level.