Blogs

Integrating multiple IAM systems is an essential strategy for organizations facing the complexities of hybrid IT, mergers, regulatory compliance, multi-cloud environments, and legacy-modern system integration. By creating a cohesive identity ecosystem across diverse IAM platforms, businesses can enhance security, reduce administrative overhead, and improve user experience while ensuring compliance and operational efficiency. Learning objectives In this tutorial, you will learn to set up a basic integration of Okta as an Identity Provider for IBM Security Verify Access. Prerequisites IBM Security Verify Access Appliance with Reverse Proxy configured ...
IBM’s 2024 Cost of a Data Breach report found that stolen or compromised credentials were the most frequent attack vector with a 71% year-on-year increase in the use of these compromised credentials in attacks. It is very hard for organizations to keep up with the fast-paced expanded access and security risk related to identity. They face significant challenges, including excessive permissions, weak password practices, and insufficient visibility into who accesses what, when, how and how often. But what does this mean for your organization, and how can you ensure that your identity and access management (IAM) infrastructure is equipped to meet the challenges ...
In the world of Identity and Access Management (IAM), administrators face a daunting challenge: creating, maintaining, and ensuring compliance for access policies that govern sensitive applications. Traditionally, this task has been a meticulous and time-consuming process, requiring deep technical knowledge, attention to detail, and hours spent configuring and verifying complex security settings. Imagine, however, a future where you can create those same access policies in minutes with just a natural language prompt. No technical jargon, no hours of configuration, and no stress over compliance. Welcome to that future—powered by Generative AI in IBM Verify ...
We are proud to announce that IBM Verify has won the "Best in IAM" award at the 5th CybersecAsia Readers' Choice Awards! This award is significant, as 1,126 cybersecurity professionals from end-user organizations across the APAC region voted and recognized IBM Verify as the leading brand in Identity and Access Management. See how Verify's decentralized identity management, passwordless login, advanced API and data protection, and identity threat detection can help you better manage data threats and safeguard identities across environments: https://www.ibm.com/verify
Artificial intelligence (AI) has a tremendous opportunity to differentiate and augment the way we work. AI allows organizations to harness large amounts of data, deliver insights that would require a lot of manual processing, continuously learn, and now, allow for generative interactions that were previously not possible, using large language models. Specific to identity and access management (IAM), Gartner suggests by 2025, 35% of organizations will utilize generative AI as part of their identity fabric functions [1]. The use of generative AI significantly improves user experience and efficiencies of IAM controls. This means redefining and augmenting ...
We are excited to announce the General Availability (GA) of the Threat Detection and Remediation feature in IBM Verify! This new capability empowers organizations to proactively detect and mitigate identity-related threats such as credential stuffing, brute force attacks, and login anomalies for resources protected by IBM Verify. Threat detection and remediation feature in IBM Verify provides advanced protection against emerging identity-based attacks, ensuring that your organization can safeguard its users, applications, and data in real time. Why Threat Detection and Remediation in IBM Verify Matters: As digital identity increasingly becomes the ...
Are you looking to improve your understanding of Identity and Access Management (IAM) and take a first step in learning the Verify Governance user interface? This course demonstrates the latest Verify Governance containerized Identity Manager interface. The following course is available at no cost to you: Course: SLATW300: Verify Governance: User Introduction (v10.0) - IBM Training - Global Looking for further training with some hands-on experience in Verify Governance? The following self-paced with lab course is available for a fee: Course: TW310XG: Verify Governance: Administration Guide - IBM Training - Global
With the 10.0.8 release of the IBM Security Verify Access product, the team has continued to improve its container support with the addition of a lightweight configuration container image. In the legacy deployment scenario, the base ISVA image contained all of the configuration and runtime services. Over recent releases, these were separated out into lightweight container images for each service. The addition of the lightweight configuration container provides the final piece of this new lightweight deployment model. This post will outline the steps to configure the environment on a clean Linux host with Docker installed. Host Environment ...
Recently I've been exploring the FedCM API, looking at implementations for IBM Security Verify Access in both the roles of Identity Provider and Relying Party. I've put together a couple of different READMEs and some associated assets in case you want to try this out for yourself. I'd suggest starting off with the Relying Party implementation first, before considering the Identity Provider. Find all the assets in my blog assets repository here: https://github.com/sbweeden/blog_assets/tree/master/fedcm

Authentication Policy Import

This article describes the usage of the authentication policy import functionality that was introduced in IBM Security Verify Access (ISVA) version 10.0.8.0. IBM Security Verify Access contains a number of different out of the box authentication policies that can be configured and used in a production environment for whatever purpose deemed fit. When a different type of authentication mechanism is required the process involves one of: Requesting the new functionality be implemented by development and added to future releases of the product. Engaging support, services or some other direct contact to have the authentication policy created using mapping ...
In the last few Verify Access releases we’ve been adding more and more mechanism properties as policy parameters. This means that the configuration values don’t have to be static strings, but instead can be read from session or request parameters! It also means that certain parameters are no longer global configuration and can be specifically configured where needed. We’re continuing our efforts to add more policy parameters in 10.0.8 with heaps of entries added for the OTP mechanisms. This includes MAC OTP, HOTP and TOTP. This blog however is going to focus on the parameters added for TOTP with an example that also uses the new OTP enrollment mechanism. ...

Configuring verifiable links

This blog post provides an introduction to the concept and a step-by-step walk-through on creating these essential files in IBM Security Verify. Concept The concept of "Verifiable Links" refers to the files used in mobile app development that facilitate the establishment of connections between mobile apps and associated websites or other apps. Namely, these files, assetlinks.json for Android and apple-app-site-association for iOS, play a crucial role in enabling seamless navigation and communication between different digital experiences on mobile devices. They serve as verification mechanisms to establish the association between mobile apps and their ...
I've started putting together a small collection of Lua HTTP transformation rules and utility functions that I've found useful when working on some recent customer use cases. The ability to read and modify request and response bodies, implement an EAI-based authentication mechanism, implement your own authorization logic, and more are all outstanding new capabilities in IBM Security Verify Access and I believe this feature of the product will be very popular with practitioners when working on advanced or unusual scenarios. Feel free to check out the resources here: https://github.com/sbweeden/blog_assets/tree/master/lua_http_transformations If you ...
Co Authored By Tushar Prasad Introduction: IBM Security Verify Access container has multiple components, namely: Verify Access config container, Verify Access Snapshot Manager, Verify Access Reverse Proxy container, Verify Access Runtime Containers, and Verify Access Distributed Cache containers (DSC). The Verify Access config container allows all configuration changes, and the other containers connect over HTTPS to fetch the configuration snapshot. IBM Security Verify Access 10.0.7.0 introduced on how participating containers can Verify HTTPS connections ...
This blog focuses on the integration of IBM Security Verify with SAP Cloud Identity Services in SAP BTP as a proxy. Integrating SAP Cloud Identity Services (CIS) with IBM Security Verify represents a strategic move for organisations aiming to optimise their operations and bolster their cybersecurity measures. SAP CIS offers a comprehensive suite of integrated solutions tailored to streamline business processes and enhance operational efficiency. Conversely, IBM Security Verify provides best-in-class identity verification capabilities, safeguarding sensitive data and preventing unauthorised access. The integration of these two platforms enables companies ...
Next Generation Authentication with Verify Governance IBM® Security Verify Governance (ISVG) Identity Manager (IM) and Identity Governance (IG) use an OpenID Connect authentication server. OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider. This document details the steps to configure IBM Security Verify Governance - Identity Manager (aka ISIM) 10.x (and the underlying WebSphere) for OpenID Connect Single Sign-On with IBM Security Verify SaaS also with IBM Security ...
Co-Authored By Tushar Prasad Imagine an application where users are required to acknowledge and agree to an End-User License Agreement (EULA) before gaining access to the services it offers. IBM Security Verify SaaS takes user privacy and consent seriously, offering a streamlined experience for Administrators and/or Application Owners to effortlessly configure EULAs or specify data purposes for any of their OpenID Connect applications. With IBM Security Verify SaaS, Application Owners have the flexibility to request consents for EULAs and/or data purposes, in addition to the standard OpenID Connect scopes or any other custom ...
Co Authored By Tushar Prasad Challenge Authentication and authorization are among the pillars of an identity fabric. It becomes important for organizations to strengthen each and every thread. OpenID Connect is one of the important protocols that provide Single Sign On, and one of the integration points that helps organizations running a multi-cloud or hybrid cloud environment to seamlessly consume identities. In this OpenID Connect scenario, this article discusses a solution for strengthening how an OpenID relying party connects to an OpenID Provider and for implementing an interception-attack-resistant solution. INTERACTION Diagram: ...
Co Authored By Tushar Prasad, Nilesh Amrutkar Introduction IBM Security Verify Access introduced an open-source-based web application firewall engine called ModSecurity. This capability is available in Verify Access Version 10.0.5.0 onwards. IBM Verify Access makes use of ModSecurity as a web application firewall (WAF). Verify Access WAF can be configured to protect web applications based on URL patterns, using "request-match" in the [WAF] stanza. This can be useful when customers would like to invoke the WAF depending on such method and URL patterns. But if customers would like to use some other information, such as an HTTP header or cookie, to invoke the WAF, you can use HTTP ...
Co-Authored By Sameer Kapadia Integrating hybrid identities with IBM Security Verify and onboarding onPrem LDAP into IBM Security Verify SaaS with the power of OpenShift Challenges In today’s dynamic landscape, where organizations leverage a multi-cloud hybrid deployment model, the management of digital identities and their security becomes paramount. The hybrid nature, with identities dispersed across various sources such as private clouds, legacy systems, or anywhere in the multi-cloud environment, accentuates the need for a comprehensive approach. In the ongoing journey of cloud modernisation, ...