MicroStrategy ONE

Connecting multiple Identity Networks to a single logical resource

You can share a single logical resource with multiple Identity Networks using different SAML certificates. When you create a network, a new SAML certificate is automatically generated for your Identity Network. When you later generate a new SAML certificate, the old certificate remains supported so that there is no network downtime while the new certificate is applied. After a new SAML certificate is applied, Identity Manager displays a reminder of the number of days until the certificate expires.

The new SAML certificates are generated in the following directory:

<install_path>\usher\usherserver\usherDocs\idm_files\credentials\

For example, if Identity is installed in the default directory on the C: drive, then the location of the SAML certificates is:

C:\Program Files (x86)\MicroStrategy\usher\usherserver\usherDocs\idm_files\credentials\

If you implement multiple MicroStrategy Identity Servers that need to access (share) the same logical resource (for example, a single web application), make sure the Identity Provider Issuer ID/URL setting is unique for each MicroStrategy Identity Server that you deploy and connect to the shared logical resource.
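The uniqueness requirement above can be checked before the servers are connected to the shared resource. The following is an added example, not MicroStrategy code: it assumes each Identity Server's identity-provider settings are available to you as standard SAML 2.0 metadata XML, and it also flags a signing certificate that appears under more than one server. The function names, server labels, URLs and certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_idp(metadata_xml):
    """Return (entityID, SHA-256 fingerprints of signing certs); input is trusted admin data."""
    root = ET.fromstring(metadata_xml)
    issuer = (root.get("entityID") or "").strip()
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not issuer:
        raise ValueError("not an EntityDescriptor with an entityID")
    prints = []
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # skip encryption-only keys
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    return issuer, prints

def audit(idps):
    """idps maps a server label to its metadata XML; returns a list of findings."""
    by_issuer, by_cert, findings = defaultdict(list), defaultdict(list), []
    for label, xml in idps.items():
        issuer, prints = parse_idp(xml)
        by_issuer[issuer].append(label)
        if not prints:
            findings.append(f"{label}: no signing certificate")
        for fp in set(prints):  # old and new certificate may both be listed during rollover
            by_cert[fp].append(label)
    for issuer, labels in by_issuer.items():
        if len(labels) > 1:
            findings.append(f"duplicate issuer {issuer}: {sorted(labels)}")
    for fp, labels in by_cert.items():
        if len(labels) > 1:
            findings.append(f"shared certificate {fp[:16]}: {sorted(labels)}")
    return findings

def sample(issuer, *certs):  # constructed metadata; cert bytes are placeholders, not real X.509
    keys = "".join('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
                   "<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>"
                   "</ds:KeyInfo></md:KeyDescriptor>" % base64.b64encode(c).decode()
                   for c in certs)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            "<md:IDPSSODescriptor>%s</md:IDPSSODescriptor></md:EntityDescriptor>"
            % (NS["md"], NS["ds"], issuer, keys))

if __name__ == "__main__":  # two constructed servers that reuse one issuer
    print(audit({n: sample("https://idp-a.example.com", n.encode()) for n in ("server-a", "server-c")}))
```

An empty list from `audit` means every server has its own issuer and no signing certificate is shared; a server that lists both its old and new certificate during rollover is not reported.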

Sharing the same logical resource with multiple Identity Networks

  1. Log into MicroStrategy Identity Manager.
  2. Review/update the SAML certificate properties in Identity Manager:
    1. From the drop-down list on the top right, select Manage Networks.
    2. Click Properties next to the network that you want to connect with a logical resource.
    3. Scroll down to the SAML Certificate section.

      The fields for the Private Key Path and Certificate Path are populated with the SAML certificate that was generated when the network was created.

    4. Optionally, in the Password field, enter a password for the SAML certificate.
    5. Optionally, click the Certificate Detail Information arrow to review the expiration date, issuer, signature algorithm, and subject.
    6. To update the SAML certificate before it expires, click Generate Certificate. A new certificate is generated. Additionally, the paths for the previous certificate are shown under Old Certificate. The old certificate is used to eliminate network downtime while the new certificate is applied.
    7. Click Save.
    8. To configure the logical resource with an Identity Network using SAML certificates, see Logical Gateways.
    9. Repeat step 8 to add the same logical resource to another Identity Network.
  3. Update the SAML certificates used by the service provider:
    1. Contact your service provider for instructions.
  4. Update the SAML certificates used by the logical applications in Identity Manager:
    1. From the drop-down list on the top right, select Manage Networks.
    2. Click the network that you want to connect with a logical resource.
    3. Click Logical Gateways.
    4. In the Web Application Login section, select the logical gateway that you want to update with the SAML certificate.
    5. Continue with the configuration of the selected logical gateway.

    6. Repeat this step to update another logical resource or the same logical resource in another Identity Network.
