Managing securityEdit online Use IBM® Verify to secure your applications. You can control accesses, password policies and sign-in options, identify threats and much more. Managing access policiesYou can create, modify, or delete access policies and the rules for access policies.Managing access policies through APIsAn access policy is a set of rules and conditions that are evaluated to determine the access decision. You can create customized access policies. All customized access policies are displayed as options in the application configuration.Managing portal accessYou can select separate policies to control how users and administrators can access their home pages and the Verify administration console. Configuring your endpoint settingsEndpoint settings strengthen the security of the communication between IBM Verify and your user endpoints. Managing OIDC tokensA token is used to identify and authorize a user, an application, or an API client to access a protected resource. Each token has a configurable expiry attribute to limit the time of unauthorized access when the token is stolen or to determine how often a user can reauthenticate. When the token expires, the authorization is revoked. If you prefer an immediate action, review the applications and API clients with active tokens and revoke their tokens to remove the authorization and require reauthentication on the next access request.Managing API accessAn application programming interface (API) allows an application program to use specific data or functions of another program. IBM Verify APIs can be accessed and used for in-house application development.Managing certificatesCertificates are used to sign, validate, encrypt, and decrypt various objects such as SAML assertions and OAuth and OpenID Connect JSON Web Tokens (JWT).Managing application consentsYou can view the information that a user consented to allow an application to access. If necessary, you can delete that consent.Managing passwordsUse these tasks to ensure that secure passwords are used to access accounts. Managing sign-in optionsYou can specify the identity providers that are available at login for user and administrator work flows in Cloud Identity.Managing threat detectionIBM Verify can analyze and correlate patterns across tenants to detect threat indicators, such as attempts to brute force access, credential stuffing attacks and deviations in established usage patterns. The alerts are available as part of the audit event stream and can be used to take proactive remediation action, such as disabling compromised user accounts or application clients.