What's new

Find the latest updates, new features, and release-specific details for IBM® Verify here.

June 2026

• A requestable feature - Transaction token (VDEV-186514) can be configured for OIDC-related applications and STS clients, providing contextual, single-use tokens for enhanced security in token exchange scenarios. Additionally, Actor criteria can be configured for OIDC-related applications, enabling secure delegation scenarios where services or agents can act on behalf of users with fine-grained authorization control. See Transaction token and Actor criteria for more details.
• IBM Verify now supports Authorization Detail Types that standardize how Rich Authorization Requests (RAR) represent fine‑grained access. They define schemas that let you specify precise, transaction-level permissions, ensuring consistent and interoperable authorization across the platform. See Managing authorization detail types for more details.
• For improved security, IBM Verify now supports private key JWT as an authentication method for OIDC Enterprise identity providers. See Configuring an OIDC Enterprise identity provider.
• A requestable feature, Secrets in CELx expressions (VDEV-66277), was added. Use this feature to to create and reference secrets in CELx expressions. See Secrets functions and Managing and using secrets.
• Information was added about Microsoft Intune device manager attributes. See Select the device manager attribute.
• IBM Verify now supports Microsoft Entra ID External Authentication Methods (EAM) for third-party multi-factor authentication. See Configuring Microsoft Entra ID External Authentication Methods (EAM) application in Verify.
• Changes and clarifications were made to the instructions for configuring a Microsoft Intune device manager. See Adding an Intune device manager.
• Updated list of supported application templates. Added support for the following applications:
  • None
  See Supported connectors for applications.

Notifications

• As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.
• Importing .bpmn file in Flow designer is now deprecated. Use a .json file for all future imports. To ease the transition, the system supports converting BPMN format to JSON format before import. The end of life is 30 June 2026. See Managing flow designer for more details.
• IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
  • /v1.0/endpoint/default/*
  • /oidc/endpoint/default/*
  The following is the status of the deployment for different data centers:
  • Australia data centers - completed
  • US data centers - completed (14 October 2025)
  • Canada data centers - completed (16 December 2025)
  • Japan data centers - completed (14 January 2026)
  • Europe data centers - scheduled (26 January 2026)
  • US SL2 data centers - pending
  No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
• Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
• The adaptive access feature is not supported in a FedRAMP environment.
• The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
• The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
  Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

May 2026

• Two new entitlements were added for SMS and voice OTP authentication. See manageSmsVoiceOtpSuppressionList and readSmsVoiceOtpSuppressionList.

• The Access certification reviewers can now view all user attributes in User entitlement campaigns and the user’s existing entitlements for the selected application in Account campaigns. See User entitlement and Account campaigns for more details.

• 12 built-in attributes were added Creation time, Last modified time, Deactivation reason, Home address, User category, Password reset, Password account locked time, Password failure time, Password changed time, Last login, Last login type, and Last login realm. See Built-in attribute sources.

• Updated list of supported application templates. Added support for the following applications:
  • None
  See Supported connectors for applications.

Notifications

• As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.

• Importing .bpmn file in Flow designer is now deprecated. Use a .json file for all future imports. To ease the transition, the system supports converting BPMN format to JSON format before import. The end of life is 30 June 2026. See Managing flow designer for more details.
• IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
  • /v1.0/endpoint/default/*
  • /oidc/endpoint/default/*
  The following is the status of the deployment for different data centers:
  • Australia data centers - completed
  • US data centers - completed (14 October 2025)
  • Canada data centers - completed (16 December 2025)
  • Japan data centers - completed (14 January 2026)
  • Europe data centers - scheduled (26 January 2026)
  • US SL2 data centers - pending
  No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
• Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
• The adaptive access feature is not supported in a FedRAMP environment.
• The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
• The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
  Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

April 2026

No new features were added in April.

• Updated list of supported application templates. Added support for the following applications:
  • None
  See Supported connectors for applications.

Notifications

• As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.

• Importing .bpmn file in Flow designer is now deprecated. Use a .json file for all future imports. To ease the transition, the system supports converting BPMN format to JSON format before import. The end of life is 30 June 2026. See Managing flow designer for more details.
• IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
  • /v1.0/endpoint/default/*
  • /oidc/endpoint/default/*
  The following is the status of the deployment for different data centers:
  • Australia data centers - completed
  • US data centers - completed (14 October 2025)
  • Canada data centers - completed (16 December 2025)
  • Japan data centers - completed (14 January 2026)
  • Europe data centers - scheduled (26 January 2026)
  • US SL2 data centers - pending
  No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
• Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
• The adaptive access feature is not supported in a FedRAMP environment.
• The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
• The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
  Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

March 2026

• A new self-service feature was added to enable customers to register, verify, and manage their email domains without involving IBM Verify support. See Customizing email and SMS providers.
• The Session context cache (VDEV-32965) feature is now generally available. You no longer have to request this feature. See ../references/r_attr_functions.html#r_attr_functions__cache.
• Documentation was added for SAML 2.0 profile initial URLs. See SAML 2.0 profile initial URLs for the identity provider.
• Support was added for configuring multiple SAML Enterprise identity providers with the same Provider ID.
  Some use cases for this feature include:

  • Connecting to multiple environments such as development, staging, and production of the same external IdP that all use identical Provider IDs.
  • Managing different organizational units within a multi-tenant IdP setup where departments share the same Provider ID, but require separate authentication policies and user populations.
  You can enable this capability by selecting the unique ID checkbox during identity provider configuration. See Adding a SAML Enterprise identity provider.
• A new checkbox was added for assigning default entitlements for user tokens in OIDC applications. See Configuring single sign-on in the OpenID Connect for Open Banking applications, Configuring single sign-on in the OpenID Connect application, and Configuring OpenID Connect single sign-on in the custom application. See also Default sign-on token API entitlements.
• Three new access entitlements were added. See readAuthDetailTypes, manageAuthDetailsTypes and manageEmailNotificationDomainAuth.
• IBM Verify Antenna now has standalone documentation. For more information, see IBM Verify Antenna.
• Windows Servers 2022 and 2025 are now supported for the following on-prem integrations. See IBM Verify Bridge, IBM Verify Bridge for Directory Sync, IBM Verify Gateway for RADIUS, and IBM Verify Gateway for Windows.
• Six new egress IPs were added for Canada. See Egress internet protocol addresses.
• IBM Verify now supports blocking suspicious users by using a threat-based access policy. This approach extends existing IP-based blocking to user-level enforcement, preventing malicious activity during the SSO flow. See Threat-based user blocking and Threat event for more details.
• Downloading entitled software no longer requires an IBMid. Consequently, the software download procedure is the same for all environments. See Downloading your software.
• Clarification was added about the use of Certificate Revocation List (CRL) checking in global settings for SAML2.0 applications and identity providers. See Configuring SAML general settings and Configuring Global settings.
• IBM Verify supports a requestable feature External consent management (CI-131365) that integrates Verify with external consent management systems through real-time webhooks. This function enables organizations to use third-party consent providers for managing user data usage approvals while maintaining seamless authentication flows. See External consent provider integration .
• Updated list of supported application templates. Added support for the following applications:
  • None
  See Supported connectors for applications.

Notifications

• Importing .bpmn file in Flow designer is now deprecated. Use a .json file for all future imports. To ease the transition, the system supports converting BPMN format to JSON format before import. The end of life is 30 June 2026. See Managing flow designer for more details.

• As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.

• IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
  • /v1.0/endpoint/default/*
  • /oidc/endpoint/default/*
  The following is the status of the deployment for different data centers:
  • Australia data centers - completed
  • US data centers - completed (14 October 2025)
  • Canada data centers - completed (16 December 2025)
  • Japan data centers - completed (14 January 2026)
  • Europe data centers - scheduled (26 January 2026)
  • US SL2 data centers - pending
  No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
• Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
• The adaptive access feature is not supported in a FedRAMP environment.
• The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.

1. The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
   Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

February 2026

• Nine new egress IPs were added for Australia. See Egress internet protocol addresses .
• A new option was added for ID token and user info, Only return minimum claims. See OpenID Connect introspect, ID token, and user info mapping.
• IBM Verify now supports modifying the EntityID property for SAML identity and service providers. It ensures the uniqueness, routing, and trust in SAML authentication flows. See Configuring Global settings and Configuring SAML general settings.
• Two access entitlements were added. See readSelfProfile and manageSelfProfile.
• The following enhancements are now available in Flow Designer:
  • Supports the introduction and use of JSON-based models for improved flexibility and integration. See Managing flow designer for more details.
  • APIs for managing flows are released and now available for public use. See Flow management models for more details
  • Enhancements to the Ask for approval task now allow configuring individual users as approvers. User relationships can also be utilized to configure approver s. See Approver source for more details.
• Updated list of supported application templates. Added support for the following applications:
  • None
  See Supported connectors for applications.

Notifications

• Importing .bpmn file in Flow designer is now deprecated. Use a .json file for all future imports. To ease the transition, the system supports converting BPMN format to JSON format before import. The end of life is 30 June 2026. See Managing flow designer for more details.

• IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
  • /v1.0/endpoint/default/*
  • /oidc/endpoint/default/*
  The following is the status of the deployment for different data centers:
  • Australia data centers - completed
  • US data centers - completed (14 October 2025)
  • Canada data centers - completed (16 December 2025)
  • Japan data centers - completed (14 January 2026)
  • Europe data centers - scheduled (26 January 2026)
  • US SL2 data centers - pending
  No disruption is expected for existing >/oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
• Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
• The adaptive access feature is not supported in a FedRAMP environment.
• The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.

1. The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
   Note: The inaccuracies in the data that is displayed do not affect your billing in any way.