Managing registration profiles

IBM® Security Verify, and custom mobile authenticator apps that are built with the IBM Security Verify Mobile SDK, support a registration process that binds an authenticator instance to a user. To enable this registration, Verify tenant administrators must create and manage one or more registration profiles. The registration profile represents the configurable attributes for the runtime behavior of IBM Security Verify registration such as its maximum lifetime. Technically, the registration profile is a specialized configuration of an OAuth client that supports the authorization code flow.

Before you begin

  • You must have administrative permission to complete this task.
  • Log in to the IBM Security Verify administration console.

About this task

All IBM Security Verify mobile authenticators register with a Verify tenant by using a registration profile. Minimally, the profile must have a name, and is automatically assigned a unique ID. It's also preferable to configure a "Service Name". This value is used by IBM Security Verify to display and identify the registration within a mobile authenticator app. Since a registration profile is a specialized OAuth configuration, it's also possible to configure and manage aspects of the registration such as access token and refresh token lifetimes. Each registered instance of a mobile authenticator is embodied by an OAuth grant through the authorization code flow. After a successful registration, the mobile authenticator obtains an access token and refresh token. The mobile authenticator can use its access token to obtain authorized access to Verify APIs that require the entitlement "verifyAuthenticator". This entitlement is automatically associated with the access token during the registration process.

Procedure

  1. Select Authentication > Registration profiles.
  2. Add a registration profile.
    1. Select Add registration profile.
      The Add Registration Profile dialog box is displayed.
    2. Specify the following information for the Registration Profile:
      Table 1. Registration profile settings
      Information Description
      Name The name of the profile. This name is used to provide a user-friendly identifier and search criteria for the profile
      ID The unique identifier of the profile. This value is automatically assigned by Verify.
      Service Name The user-friendly name of the registration to be shown to users of IBM Security Verify mobile authenticators
      Enabled Indicates whether the profile is active.
    3. Optional: Select Advanced Settings to specify settings for registration token lifetimes.
      Advanced profiles settings enable the tenant administrator to manage token options related to the registration at run time. Additionally, custom-name, value-pair attributes can be set. These attributes are transferred to the mobile authenticator during a runtime registration flow. The applicable supported names and values are specific to a given mobile authenticator implementation and are intended as an extension enablement feature for custom developed mobile authenticators.
      Table 2. Advanced settings
      Information Description
      Access Token Lifetime The length of time, in seconds, for which an access token is valid.
      Refresh Token Lifetime The length of time, in seconds, for which a refresh token is valid. This value effectively represents the maximum lifetime age for a given registered instance of an authenticator.
      Authorization Code Lifetime The length of time, in seconds, for which an authorization code is valid. The value effective represents the maximum amount of time that a user has to complete a registration after it has been initiated. Users typically complete a registration by scanning a QRCode.
    4. Select Save.
  3. View the registration profile details.
    1. Select the registration profile whose information you want to view.
      The Registration Profile Details is displayed.
    2. Hover over the registration profile and select the Edit icon when it appears.
      The Edit Registration Profile dialog box is displayed.
  4. Edit the registration profile.
    1. Hover over the registration profile and select the Edit icon when it appears.
      The Edit Registration Profile dialog box is displayed.
    2. Edit the information.
    3. Select Save.
  5. Delete the registration profile.
    1. Select one or more registration profiles.
    2. Select Delete.
    3. Confirm that you want to permanently delete the selected registration profiles.
      This operation also removes all IBM Security Verify registrations that are associated with the registration profiles.