What's new

Look here for the new features and other information that is specific to the current release of IBM® Security Verify.

Note: The new features might not be available in your location yet.

January 2025

Notifications
  • Caching changes are being deployed. As a result, changes to OIDC general settings or Certificates can take up to one minute to take effect in the following endpoints.
    • /oidc/endpoint/default/.well-known/openid-configuration
    • /v1.0/endpoint/default/.well-known/openid-configuration
    • /oauth2/.well-known/openid-configuration
    • /oidc/endpoint/default/jwks
    • /v1.0/endpoint/default/jwks
    • /oauth2/jwks
  • New RSA and ECDSA certificates are being issued for *.ice.ibmcloud.com hostnames on 11 February 2025. These certificates are valid from 11 February 2025 and expire on 07 January 2026. See Product requirements.
  • Phone numbers and email addresses are partly obscured when presented in 2FA choice lists in the following on-prem products.
    • IBM Security Verify Gateway for Linux PAM 1.0.7
    • IBM Security Verify Gateway for AIX PAM 1.0.4
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • The installation process for the following on-prem products removes the access of Windows Users group from the installation directory.
    • IBM Security Verify Bridge 1.0.16
    • IBM Security Verify Bridge for Directory Sync 1.0.13
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • New RSA and ECDSA certificates were issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
  • Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

December 2024

Notifications
  • New RSA and ECDSA certificates are being issued for *.ice.ibmcloud.com hostnames on 11 February 2025. These certificates are valid from 11 February 2025 and expire on 07 January 2026. See Product requirements.
  • Phone numbers and email addresses are partly obscured when presented in 2FA choice lists in the following on-prem products.
    • IBM Security Verify Gateway for Linux PAM 1.0.7
    • IBM Security Verify Gateway for AIX PAM 1.0.4
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • The installation process for the following on-prem products removes the access of Windows Users group from the installation directory.
    • IBM Security Verify Bridge 1.0.16
    • IBM Security Verify Bridge for Directory Sync 1.0.13
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
  • Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
  • Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
  • When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

November 2024

Notifications
  • IBM Security Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • Phone numbers and email addresses are partly obscured when presented in 2FA choice lists in the following on-prem products.
    • IBM Security Verify Gateway for Linux PAM 1.0.7
    • IBM Security Verify Gateway for AIX PAM 1.0.4
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • The installation process for the following on-prem products removes the access of Windows Users group from the installation directory.
    • IBM Security Verify Bridge 1.0.16
    • IBM Security Verify Bridge for Directory Sync 1.0.13
    • IBM Security Verify Gateway for RADIUS 1.0.12
    • IBM Security Verify Gateway for Windows Login 1.0.11
  • New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostname on 05 November 2024. See Product requirements.
  • Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
  • Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
  • When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

October 2024

No new features were released in October

Notifications
  • New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostname on 05 November 2024. See Product requirements.
  • Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
  • Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
  • When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

September 2024

  • The threat detection and remediation features (CI-87303 and CI-86209) are now enabled by default for all tenants. Detect large-scale identity attacks and mitigate them natively by using this threat detection and remediation capability. See Managing threat detection. Also see the threat events in the new threat detection report. For more information, see Generating a threat detection report.
  • A requestable feature, Assist me panel, VDEV-52267 or VDEV-60440, can now be opened from the upper-right bar in the Admin panel for user assistance. See User assistance for further details.
  • Gen AI capabilities, powered by watsonx, allow admins to offload and optimize human-generated tasks that are involved in IAM management and workflows with a set of pre-trained, AI-powered skills. The admin can interact in natural language by using a dialog interface to get quick, contextual insights or generate configuration. See Gen AI assistant for further details.
  • A Notice event payload was added to reports. See Notice events payload.
  • The Admin activity report supports a new resource type, content_security_policy. See Generating an administrator activity report and Admin activity management event detail.
  • The Admin activity report supports two new resource types, content_security_policy and device_certificate. See Generating an administrator activity report and Admin activity management event detail.
  • A requestable feature, CI-56222, is now available for the User managers to view and manage other users' access requests in the organization. See Requesting Access for Others for further details.
  • Configuration for IBM Security Verify Gateway for RADIUS server now supports two new "auth-method" types for clients:[], "totp" and "password-and-totp-or-device". Two new configuration values were also added "require-msg-auth": false and "reject-bad-packet": false. See "clients":[]. A new "attr":{} sub item was also added for policy:[], "regex":false. See "policy":[].
  • The following modifications and additions are introduced in the Access certification:
    • Entitlement scope, VDEV- 41518, requestable feature, is introduced as a step for User entitlement campaign to help define the scope on granular set of entitlements. See Creating a campaign for further details.
    • The User scope, Group scope and Account scope gets displayed as individual steps while creating or editing a campaign.
    • A requestable feature, CI-141696, allows users to copy Running, Scheduled, Paused and Closed campaigns. See Copying a campaign for further details.
    Note: The Entitlement scope and Copy campaign features can be enabled upon request. To request the features, contact your IBM Sales representative or IBM contact and indicate your interest in enabling this capability. You can also create a support ticket if you have the permission. Note that IBM Security Verify trial subscriptions cannot create support tickets.
  • IBM Security Verify now supports modifying user profile badge pages. See Modify user profile pages.
  • IBM Security Verify made updates to User experience. See Customizing a user flow.
  • IBM Security Verify Adapter now supports Microsoft SQL2012. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the Microsoft SQL application. For more information, see Configuring provisioning for Microsoft SQL.
  • Updated list of supported application templates. Added support for the following applications:
    • Hashicorp Cloud Platform
    See Supported connectors for applications.
Notifications
  • New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
  • Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
  • Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
  • When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

August 2024

  • No new features were added in August.
  • Updated list of supported application templates. Added support for the following applications:
    • No new applications were added.
    See Supported connectors for applications.
Notifications
  • Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
  • When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.