Identity and Access Management Updates for Watson Services

Zia Mohammad

Follow

May 30, 2019 · 3 min read

Benefits of IAM Adoption

Enterprise customers brought up the need to assign access control for individual instances to different teams. Taking into account this user feedback, back in September of 2018, we shared with you some exciting news on the global expansion of Identity and Access Management (IAM) for IBM Watson Services.

The introduction of IAM provided users with extra security options by enabling fine-grained access control for your Watson services. Catering to user needs, IAM adopters gained the following benefits over their previous Cloud Foundry service instances:

• Simplified usage data capture and display per group
• Introduction of API keys to for key rotation and faster authentication
• The ability to connect service instances to apps and across different regions
• Additional Premium features enabling compute, data, & network isolation in the IBM Public Cloud

Interested in digging deeper into how access control policies can be outlined for Watson Services? Click here.

Making the shift to IAM

As IBM Watson services add more features and security, users must switch to IAM before October 30th, 2019 to prevent any disruptions in their service instances.

If you created your Watson service after Nov 1st 2018, and have an APIKey as your credential you are already on IAM.

The migration process for each service is non-disruptive and will not impact your existing instances. At a high level, the guided migration process consists of the following 2 steps:

• The creation of a duplicate IAM instance. The guided workflow will map your Org/Space to a Resource Group.
• Swapping of credentials in your applications. The duplicated instance will generate an APIKey instead of the traditional username:password. These credentials must be swapped in your applications.

Click here to learn more about best practices for choosing resource groups

Watson Service Specific Migration Process

Each Watson service has custom documentation on how to get started with the upgrade process.

The corresponding link(s) show service-specific walkthroughs:

Watson Assistant, Discovery, Speech To Text, Text to Speech, Tone Analyzer,

Language Translator, Personality Insights, Natural Language Understanding

Natural Language Classifier, Knowledge Studio

Users of the Watson Compare and Comply and Watson Visual Recognition Service will not need to take any action as they already have the benefits of the new IAM authentical method.

Final Step: Swapping Credentials

After you have migrated to the new IAM Instance you will need to swap out your Username:Password for an API Key.

The IBM Cloud API Docs allow you to choose a programming language of your choice to see how your code will be modified to handle the new credentials.

Zia Mohammad is a Product Manager on the IBM Watson Platform Team. His passions center around: AI, emerging technologies, and sustainability.

Feel free to comment or reach out for more information or any questions!