IBM Security Verify

 View Only

Simplify application security on Red Hat OpenShift with the IBM Security Verify SaaS Operator

By Milan Patel posted Wed December 15, 2021 01:53 PM


IBM Security Verify SaaS is a purposed built Identity-as-a-Service (IDaaS) to help clients optimize how they protect applications from the cloud. This includes single-sign-on, multi-factor authentication, risk-based authentication, and more from the cloud. As clients look to modernize applications through a hybrid cloud approach, a consistent and secure framework is required. This consists of advanced security policies, modern security protocols, and an on-ramp to leveraging these modern and advanced security experiences from legacy identity approaches.

IBM Security Verify SaaS helps protect any user for any application across any cloud through an as-a-Service experience. As clients run multi-cloud deployments, Verify SaaS becomes the centralized platform to protect applications.

Bringing developer time to value to Red Hat OpenShift with IBM Security Verify

With Red Hat OpenShift, clients are enabled to use Red Hat SSO, a software enabled Access Management solution, to provide single-sign-on, multi factor authentication, and more to help protect the OpenShift platform and applications built on OpenShift.

To provide an additional deployment model value to OpenShift clients, we are announcing the start of how clients can benefit from building on the Red Hat OpenShift platform with IBM Security Verify. Security and identity are critical enablers to how modernization is experienced and are in most cases implied as part of application development; however, it is a very complex topic that consists of redefining and evaluating existing and new Identity and Access Management (IAM) stacks. As we see the inherent value for our clients to start their journey to cloud built on OpenShift, the need to make our client journey simpler is critical, from a business and technology perspective.

This is why we are introducing two on-ramps for Red Hat OpenShift clients to experience the value from IBM Security Verify as applications are secured: 

  • IBM Security Verify Operator
  • IBM Security Verify SSO


IBM Security Verify Operator

The IBM Security Verify Operator provides OpenShift admins and developers a streamlined way for protecting applications with IBM Security Verify. Admins and/or developers can configure their OpenShift environment to leverage IBM Security Verify SaaS so applications can be dynamically onboarded and protected through a single IDaaS experience. Developers don't have to worry about configuring all their applications, one at a time with IBM Security Verify, but instead can automate the onboarding of applications using Dynamic Client Registration, based on the OpenID Connect Specification.

The Verify Operator is certified and available via the Red Hat OpenShift catalog. In conjunction with the NGINX operator, the Verify Operator can be used to streamline all resources through the NGINX ingress controller. When NGINX is used as the Ingress controller, the Verify operator can be leveraged using special annotations in the Ingress definition to protect all services. We plan to support additional ingress deployments as we expand the capabilities of the Verify Operator in the future.

IBM Security Verify SaaS SSO

As part of simplifying the on-ramp of protecting applications built on OpenShift, we are also providing an IBM Security Verify SSO plan for clients/developers that do not have an existing Verify SaaS tenant to start protecting applications from the cloud. Clients modernizing with OpenShift will be able to use a "no user and no application limit" deployment of IBM Security Verify SaaS tenant with single-sign-on. IBM Security Verify SaaS also comes with a modernization framework that allows the preservation of legacy sign on experiences while co-existing with modern sign on experience, using the IBM Application Gateway.

IBM Security Verify SaaS SSO also comes with the following capabilities:

  • Scalable directory
  • Integration with existing identity sources
  • Social log-in
  • Base analytics dashboards for authentication activity
  • Application onboarding and self-service developer portal
  • Data privacy and consent engine
  • Hosted user registration and profile management capabilities
  • Branding and customization of the tenant but also consumer (CIAM) experiences

As part of simplifying the developer experience, IBM Security Verify SaaS provides an easy way to export the credential information required by the Verify Operator so that it can communicate with IBM Security Verify SaaS.

As the need for more advanced capabilities are needed, administrators and developers can simply add more capabilities such as multi-factor authentication, governance, continuous risk-based authentication, and advanced analytics by simply adding the corresponding subscriptions.

See it in action

Verify SaaS Operator Overview

Verify SaaS Operator Installation


Verify SaaS Operator Use

Get started now

To get started, install the IBM Security Verify Operator. You will be able to obtain your Verify SSO tenant or bring your existing tenant.

If you already have Red Hat SSO and want to extend how IBM Security Verify SaaS can provide additional capabilities, see the open source extensions available. Happy developing!