Managing IBM Verify Authenticators

Register an IBM® Verify mobile authenticator to enable its use as a second authentication factor or as a replacement for passwords.

Before you begin

Note: It's also an administrative configuration requirement to create a registration profile before a new IBM Verify authenticator instance can be registered here. Your tenant administrator does the configuration. See Managing registration profiles for more information.

About this task

If your application or Verify security policies requires 2FA provided by IBM Security Verify, then you first need to register one or more instances of the IBM Security Verify mobile authenticator app. If registered, IBM Security Verify can be offered as a 2FA option during runtime access and authentication.

You can perform the following tasks:
  • Add an authenticator.
  • View the authenticator details.
  • Test the authenticator.
  • Remove the authenticator.

Procedure

  1. From your profile menu, click Profile & settings.
  2. Click Security from your Profile page.
  3. Perform second factor authentication.
    1. Select the method to receive your one-time password.
      Initially, you use your email to receive your passcode. You can add more methods after you access your Security settings page.
    2. Enter the passcode and click Submit.
    Any existing methods are displayed.
  4. To view registered authenticator details, do the following step.
    1. Click the '>' or the name of the method.
      The panel is expanded to show the details, typically, when it was added, whether it is enabled, and whether it is validated, and device type if appropriate.
  5. To register a method or to change an existing method, do the following steps.
    When you add method, it replaces the existing value with the new value.
    1. Click Add new method.
    2. Select the method you that want to add or change.
      • IBM Verify app, click Add device.
      • Authenticator App, click Setup.
      • FIDO2 Device, click Add device. A FIDO2 device is a device with built-in sensor, a hardware token with support for FIDO, or a device with fingerprint or facial recognition such as Apple TouchID and Windows Hello.
      • Text Message, click New number.
      • Phone call, click New number.
      • Email, click New email.
    3. Specify the required information and follow the directions.
      For text message and phone call, you must specify the country code and the phone number.
      Note: For Authenticator App, if you are unable to scan the QR code to connect to your account, click Enter a code instead. An authentication secret is displayed. Enter that code from your device to connect to your account.
    4. For email and text message, click Send access code. For phone call, click Call me.
    5. For email, text message, authenticator app, and phone call, verify your device.
      1. Retrieve the one-time access code that was sent to the method you selected.
      2. Enter the passcode in the Access code field.
      3. Click Verify.
    6. For a FIDO2 device, plug in an external device or use a built-in device, then click Next: Connect your device.
      1. Scan you fingerprint.
      2. Provide a friendly name for your device.
      3. Click Next: Verify your device.
      4. Scan you fingerprint.
  6. To test the operation of a device, do the following steps.
    1. Hover over the device and click the Menu icon when it appears.
    2. Click Test Device and follow the instructions.
      A push notification is delivered to your authenticator. Respond to the notification as directed.
    3. For a FIDO2 device, do the following steps.
      1. Hover over the device and click the Menu icon when it appears.
      2. Click Test Device.
      3. Scan your fingerprint or click More choices to use your PIN or password, depending on your FIDO2 hardware.
  7. To remove a device or method, do the following steps.
    1. Hover over the device and click the Menu icon when it appears.
    2. Click Remove device or Delete authenticator and click Confirm.
      A push notification is delivered to your IBM Verify authenticator.
  8. Optional: To add a third-party authenticator application for generating one time access codes, do the following steps.
    You can enable one third-party authenticator only.
    1. Click Add new method.
    2. Click Setup in the Authenticator App section.
    3. Follow the directions to download the application on to your mobile device.
    4. Click Connect your authenticator.
      Follow the directions.
  9. To test the operation of an authenticator, do the following steps.
    1. Hover over the authenticator and click the Menu icon when it appears.
    2. Click Test Device and follow the instructions.
      A push notification is delivered to your IBM Security Verify authenticator. Respond to the notification as directed.
  10. To remove an authenticator, do the following steps.
    1. Hover over the authenticator and click the Menu icon when it appears.
    2. Click Remove authenticator and click Confirm.