Managing your IBM Verify authenticators

Configure and manage authentication factors for two-step verification (2FA) to secure your IBM® Verify account. Two-step verification (2FA) enhances account security by requiring a second authentication method to verify your identity when your access your IBM Verify account on a computer or mobile device.

Anm: Your tenant administrator determines the available authentication factors for your account.

Before You Begin

To use the IBM Verify mobile app as an authenticator, download and install it from the App Store or Google Play.

If your application or security policies require 2FA, you must register at least one instance of the IBM Verify mobile authenticator app to enable it as a 2FA option during authentication.

Anm: If your account requires a minimum number of enrollments, the enrollments must be unique. For example, if you use the same phone number for text messages and phone calls, it is only one enrollment. If you use your cell phone number for text messages and your office phone number for phone calls, then they are two enrollments.

Adding an authentication method

You can add a new authentication method, such as the IBM Verify app, another authenticator app, passkey, text messaging, email, or phone call, to enable two-step verification for your account.

Procedure

  1. Log in to your IBM Verify account.
  2. From the profile menu, select Profile & settings.
  3. Click Security on the Profile page.
  4. Complete the second-factor authentication by selecting an authentication method to receive a one-time passcode.
    Tip: If no authentication factors are set up, a passcode is sent to your email address associated with your Verify account.
  5. Enter the passcode and click Submit.
  6. Click Add new method and choose an authentication method.

Adding the IBM Verify app

Register the IBM Verify app as an authenticator for two-step verification.

Procedure

  1. Click Add device.
  2. Download the IBM Verify app from the App Store or Google Play if not already installed.
  3. Click Next: Connect your account.
  4. Open the IBM Verify app on your mobile device and tap Connect an account.
  5. Tap Scan QR code.
  6. Scan the QR code by using your device's camera.
  7. If biometrics are enabled on your device and you want to use them, tap Use biometrics (or equivalent); otherwise, tap No thanks.
  8. Tap Got it! in the app.
  9. In the IBM Verify portal, click Done.
    When you are prompted for a second authentication factor, you have two choices.
    • You can select IBM Verify App and touch the push notification on your mobile device.
    • You can select Authenticator app and enter the passcode that is generated.
    Note: If you choose to use the passcode, enter it as six numbers without any spaces. Although the passcode might appear as 123 456, it must be entered as 123456.

Adding another authenticator app

Set up a third-party authenticator app for two-step verification. You can have one Authenticator app only. If the IBM Verify app is already registered as an authenticator app, you must remove it first by selecting the more options menu (3 vertical dots) and clicking Remove authenticator.

Procedure

  1. Click Setup.
  2. Provide a name for the authenticator app and download it from the App store or Google Play.
  3. Click Next: Connect your authenticator.
  4. In the authenticator app, tap Add account and select the account type.
  5. Tap Finish if prompted.
  6. In the IBM Verify portal, click Next: Test your authenticator.
  7. Enter the one-time passcode from the authenticator app.
    For example, if the passcode displayed is 123 456, it must be entered as 123456.
  8. Click Done.

    When you are prompted for a second authentication factor, you can select Authenticator app and enter the passcode that is generated by the authenticator app on your mobile device.

Setting up a passkey

Configure a passkey by using your device's built-in authentication methods, such as biometrics or PIN.

Procedure

  1. Click Add passkey > Next: Add passkey.
  2. To setup a built-in passkey, do the following steps:
    1. Select an authentication method and follow the prompts.
    2. Click OK to save the passkey.
  3. To setup an external security passkey, do the following steps:
    1. Select Security key and click Next.
    2. Click OK > OK.
    3. Insert your security key, enter the PIN, and click OK.
    4. Touch the security key and click OK to save the passkey.
  4. If prompted, click Allow.
  5. Enter a friendly name for the passkey and click Done.

Setting up text messaging

Configure text messaging as an authentication method for receiving one-time passcodes.

Procedure

  1. Click New number.
  2. Select the correct country code.
  3. Enter your mobile phone number without spaces.
    For example, enter (123) 456-7890 as 1234567890.
  4. Click Send access code.
  5. Enter the access code that you received on your mobile device.
  6. Click Verify > Done.

Setting up email authentication

Configure an email address to receive one-time passcodes for two-step verification.

Procedure

  1. Click New email.
  2. Enter the email address in the correct format.
    For example, johndoe@myco.com. Include the at symbol '@' and period '.' in the address.
  3. Click Send access code.
  4. Enter the access code that you received in the email.
  5. Click Verify > Done.

Setting up phone call authentication

Configure a phone number to receive verbal access codes for two-step verification.

Procedure

  1. Click New number.
  2. Select the correct country code.
  3. Enter your phone number without spaces.
    For example, enter (123) 456-7890 as 1234567890.
  4. Click Call me.
  5. Enter the access code that you received verbally on your phone.
  6. Click Verify > Done.

Removing an authentication method

If you no longer want to use an authentication method, you can remove it from your device.

About this task

Note: If your account requires a minimum number of enrollments and this removal results in fewer than the minimum amount,
  • If you are within the grace period, after the removal you might see notifications about the required number of enrollments.
  • If you are not within the grace period, after the removal you must complete the required number of enrollments the next time you authenticate.

Procedure

  1. Hover over the authenticator and click the more options menu icon (3 vertical dots).
  2. Click Remove authenticator and click confirm.

Testing an authentication method

To test the operation of an authenticator, do the following steps.

Procedure

  1. Hover over the authenticator and click the more options menu icon (3 vertical dots).
  2. Click Test Device and follow the instructions.
  3. Respond to the push notification or enter the code that is delivered to your authenticator.
    A push notification or code is delivered to your IBM Verify authenticator. Respond to the notification as directed.

Managing security questions

If the security questions feature is enabled for your tenant, you can answer the questions as a multi-factor authentication option.

About this task

Security questions are an older authentication method and are not as secure as other authentication factors. This feature is provided to accommodate the existing requirements of some customers. If you must use security questions, contact your tenant orchestration administrator to enable the security questions feature on your tenant.

Procedure

  1. Log in to IBM Verify.
  2. Set up security questions as an authentication factor.
    1. From your user profile menu, click Profile & Settings.
      Your Profile page is displayed.
    2. Click Security.
    3. Perform two factor authentication if necessary.
      Your Security page is displayed and shows whether you enrolled any devices in IBM Verify.
    4. To enroll in security questions, click the Edit icon.
      The Let's set up your security questions page is displayed.
    5. Provide answers for the three preset questions.
    6. Optional: If you want to set up more questions, click Add question and select them from the menu.
      You can add up to four more questions and cannot select duplicate questions.
    7. Click Save and close.
  3. Modify your security questions.
    1. From your user profile menu, click Profile & Settings.
      Your Profile page is displayed.
    2. Click Security.
    3. Perform two factor authentication if necessary.
      Your Security page is displayed and shows whether you enrolled any devices in IBM Verify.
    4. To change your security questions, click the Edit icon.
      The Change your security questions page is displayed.
    5. Click the answer field that you want to change.
      The field becomes readable when you type your new answer.
    6. Optional: If you selected more questions, you can delete any of those security questions.
      Note: You cannot delete the three preset security questions.
    7. Click Save and close.

Managing your MDM devices

You can view, and delete your devices that are registered to access IBM Verify.

About this task

Devices must be registered through Microsoft Intune or Jamf.

When you delete a device from IBM Verify, it is not deleted from the device manager.

Procedure

  1. From your profile menu, click Profile & settings.
  2. Click the Security tab to view your registered devices.
    Each device is displayed with the following information.
    Compliance state
    The device compliance as provided by Microsoft Intune or Jamf.
    Note: If the device compliance changes from non-compliant to compliant, the user must log in again to access applications that are protected by the compliance state.
    Enrollment date
    The time when the device was enrolled into the MDM provider.
    Last check-in date
    The time when the device last contacted the MDM provider.
    Serial number
    The device serial number.
    Updated as of
    The last known time when IBM Verify fetched the user and device information from Microsoft Intune or Jamf.
    Managed by
    The name of the MDM provider that manages the device.
  3. Optional: Refresh the list of your devices.
  4. Optional: Remove a registered device.
    1. Select the registered device that you want to remove from Verify.
    2. Click the Menu icon and select Remove device.
    3. Confirm that you want to delete the registered device.