Articles

By Jeroen Tiggelman on August 4, 2019

IBM Security zSecure Suite 2.4 announced

IBM Security zSecure suite V2.4 was announced on July 23, 2019 with a planned availability date of September 30, 2019. You can read the US announcement letter here. RACF has made new JSON Web Token functionality in support of Multi-Factor Authentication also available for z/OS V2.2 and V2.3. Details about zSecure compatibility fixes can be […]

Continue reading

By Gerard Boekhoud on July 24, 2019

IF001 for IGI 5.2.5.1 now available

On July 19, 2019 we made  IF001 on top of IGI 5.2.5.1 publicly available on FixCentral. This iFix include some strong performance improvements especially within the Access Certification module. Improvements are made in the following areas: a. Time to launch Campaign Summary Page (Especially in the event of a high number of campaigns). This improves by […]

Continue reading

By Martin Schmidt on August 4, 2019

Modernizing your B2C Portal Security – LDAP Proxy Deep Dive

IBM Security zSecure suite V2.4 was announced on July 23, 2019 with a planned availability date of September 30, 2019. You can read the US announcement letter here. RACF has made new JSON Web Token functionality in support of Multi-Factor Authentication also available for z/OS V2.2 and V2.3. Details about zSecure compatibility fixes can be […]

Continue reading

By Martin Schmidt on May 17, 2019

Modernizing your B2C Portal Security – A thoughtful approach

As we have described the situation that many of our customers are in today, and our proposal for a better future state, we come to realize that for many, this transition is a journey, and a single big bang transition is not practical for many.  This blog entry will outline an approach to start such […]

Continue reading

By Craig Pearson on May 16, 2019

IBM Verify : MMFA Mapping Rules to Determine Device Registration

This article demonstrates how to configure a pre-token mapping rule for MMFA in ISAM which can prevent authenticator registration when certain undesirable conditions are detected.  For example: Unsupported app or OS version The device is jailbroken Enforce users to register with a customer authenticator app Below are the registration attributes included in the request payload […]

Continue reading

By ADAM CASE on May 10, 2019

Getting started with IBM Verify

Getting started with IBM Verify With an IBM Cloud Identity Verify you have the ability to apply multi-factor authentication anywhere, using one authenticator. From Linux shell access to Windows remote desktop, even custom development with IBM Cloud Identity Verify APIs, you can take full advantage of no infrastructure costs, third party subscriptions for email and […]

Continue reading

By Martin Schmidt on May 4, 2019

Modernizing your B2C Portal Security – Desired End State

Proposition: As we have seen in part one of this series, managing customer identities for a portal can be a challenge and distraction for the business.  In this part of the series we will outline how a modernized solution for a portal security can simplify operations and free your team up to focus on the […]

Continue reading

By Jeroen Tiggelman on April 28, 2019

Keep a command log annotated with change request information with IBM Security zSecure

For demonstrating compliance in an audit it can be necessary to show that changes that have been made to security rules are the result of approved change requests. New function recently released in the service stream for IBM Security zSecure 2.3.1 helps provide assurance via a simplified view based on a log of all RACF […]

Continue reading

By Carsten Hagemann on April 26, 2019

Verify your One-Time password configuration

One-time passwords (OTP) are widely used as a 2nd factor to add an additional layer of security to your account’s login. IBM Verify and the SDK support the generation of time-based (TOTP) and hash-based one-time passwords (HOTP) for SHA1, SHA256 and SHA512. Despite that its configuration is considered as “easy”, it can be time-consuming to […]

Continue reading

By Martin Schmidt on April 19, 2019

Modernizing your B2C Portal Security – Introduction and Challenges

Introduction: Business to Consumer (B2C) is an incredibly common kind of identity and access management implementation. This implementation allows consumers to self-register and self-manage their digital identities for a given retailer or service provider.  The provider does this so that they can streamline subsequent interactions with consumers and to provide a seamless user experience while […]

Continue reading

By David Edwards on April 15, 2019

IGDM Part 3 – Implementing the Identity Governance Data Model

This blog is the third in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to standardize identity management and governance data […]

Continue reading

By David Edwards on April 15, 2019

IGDM Part 2 – Validating the Proposed Identity Governance Data Model

This blog is the second in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to standardize identity management and governance data […]

Continue reading