IBM Security Verify

 View Only

Migrate to cloud or add SaaS features – You decide with IBM Security Verify

By Katherine Cola posted Mon August 24, 2020 01:32 PM


While basic features like reverse proxy, protecting applications, and giving users single sign-on capabilities are important, we recommend you consume some of the more advanced features our SaaS add-on has to offer. Adopting a hybrid approach to access management is easier than you think and provides greater flexibility, ease of use, and end user efficiency. Identity-as-a-service (IDaaS) allows organizations to more quickly adapt to evolving business requirements with a smaller footprint and faster time-to-value. If you’re still operating on a pure on-premises environment, it might be time to add on SaaS. Whether you are looking to add SaaS features to your on-premises environment or migrate to the cloud at your own pace, it can be made possible with IBM Security Verify.

Who: Verify Access customers (formerly known as IBM Security Access Manager or ISAM)

What: Add new SaaS features to your existing on-premises environment or migrate to the cloud at your own pace

When: Now! If you’re a Verify Access customer you can integrate with Verify SaaS in 10 minutes or less

Where: From your local management interface on Verify Access simply click the “IBM Security Verify” tab to get started

Why: A hybrid approach to access management allows for faster implementation, lower operations/development personnel costs and higher availability

If you’re interested in migrating to the cloud at your own pace, here is a visual representation of a potential three step migration process from Verify Access to Verify SaaS:

Phase 0


This shows what you have today as a Verify Access user. Your entire platform is on-premises and you’re managing federation to multiple applications. You’re maintaining the upgrades and uptime of your service. You may also be paying separate vendors for MFA support. You want to get to the cloud, but all of your stuff is on-premises, so how do you do that without impacting the end user?

Phase 1

This shows a gradual migration of applications to the cloud without changing the user experience. You are able to move federations seamlessly to the cloud in a matter of minutes as well as all verification components. Gain all of the cloud functionality with a minimal on-premises presence.  

Watch the video below to learn how to connect Verify Access as an identity source to Verify SaaS. This will allow users defined in Verify Access to access cloud resources protected by Verify SaaS:

Watch the video
below to learn how to set up Verify Access as a multi-factor authentication client to Verify SaaS. With this configuration, Verify Access uses cloud based authentication APIs to perform MFA for users:

Phase 2

This shows a final state where all users and services are handled by the cloud. All on-premises Verify Access servers have been removed and all applications are being federated from the cloud. Users coming through the cloud platform to authenticate won’t know anything has happened. If they choose to, a customer may still have on-premises applications and can use application gateway in a light-weight, containerized fashion saving on infrastructure and security costs. If users still exist in an on-premises directory, then a small agent can be installed on-premises to facilitate authentication requests without any network infrastructure implications.

Watch the video below to learn how to set up Verify SaaS to communicate with Active Directory on-premises using Identity Bridge for authentication.

Looking for more information? We invite you to join our upcoming Tech Day - an interactive digital session where you’ll learn how to add features from IBM Security Verify SaaS to IBM Security Verify Access.

Were you able to join the interactive Tech Day session on September 2nd? If not, the replay is now published in the Security Learning Academy and can be found here:

1 comment



Wed February 02, 2022 11:35 AM

It is possible to configure Verify SaaS as identity source for Verify Access(on prem) ?