What's new
Look here for the new features and other information that is specific to the current release of IBM® Security Verify.
Note: The new features might not be available in your location yet.
January 2025
- The following features are introduced in Flow designer:
- Identity proofing task, a requestable feature - VDEV-33143, enables you to configure an identity proofing flow. See Identity proofing for more details.
- Initiate access request approval, Ask for approval and Complete Approval tasks, requestable features - CI-49772, enables you to create approval-based flows that can be used to process approval for an access request made to a specific application. See Managing tasks for more details.
- Use advanced flow, a requestable feature - CI-49772, enables you to select approval-based published flow that is created using Flow designer to process an access request made to a specific application. See Managing application entitlements (by administrator or application owner) for more details.
- IBM Security Verify Adapters
now support provisioning for more applications. These target applications can now be configured for
provisioning endpoints from IBM Security Verify to the application. These endpoints are managed by
the corresponding Identity Adapters. For more information, see Managing endpoints by identity adapters. Provisioning for the following applications is now supported:
- Microsoft Sharepoint - See Configuring provisioning for Microsoft Sharepoint.
- PeopleTools - See Configuring provisioning for PeopleTools.
- Oracle eBusiness Suite - See Configuring provisioning for Oracle eBusiness Suite.
- Windows Local Account - see Configuring provisioning for Windows Local Account.
- Command Line (CLIx) - See Configuring provisioning for Command Line (CLIx).
- Remedy AR System - See Configuring provisioning for Remedy AR System.
- Siebel JDB - See Configuring provisioning for Siebel JDB.
- Sybase - See Configuring provisioning for Sybase.
- DB2 on z/OS - See Configuring provisioning for DB2 on z/OS.
- CyberArk - See Configuring provisioning for CyberArk.
- RSA Authentication Manager - See Configuring provisioning for RSA Authentication Manager.
- Broadcoms Top Secret on z/OS - See Configuring provisioning for Broadcoms Top Secret on z/OS.
- Broadcoms ACF2 Security for z/OS - See Configuring provisioning for Broadcoms ACF2 Security for z/OS.
- Seven new entitlements are available
- readEmailSuppressionList
- manageEmailSuppressionList
- listSessions
- revokeSessions
- revokeAllSessions
- readSMSProviders
- manageSMSProviders
- IBM Security Verify now supports correlation codes for it's two-factor authentication. See Configuring authentication factors.
- IBM Security Verify now supports using JavaScript to modify templates for branding. See Managing JavaScript templates.
- Updated list of supported application templates. Added support for the following
applications:
- No new applications were added.
- Notifications
-
- Caching changes are being deployed. As a result, changes to OIDC general
settings or Certificates can take up to one minute to take effect in the following endpoints.
- /oidc/endpoint/default/.well-known/openid-configuration
- /v1.0/endpoint/default/.well-known/openid-configuration
- /oauth2/.well-known/openid-configuration
- /oidc/endpoint/default/jwks
- /v1.0/endpoint/default/jwks
- /oauth2/jwks
- New RSA and ECDSA certificates are being issued for *.ice.ibmcloud.com hostnames on 11 February 2025. These certificates are valid from 11 February 2025 and expire on 07 January 2026. See Product requirements.
- Phone numbers and email addresses are partly obscured when presented in 2FA
choice lists in the following on-prem products.
- IBM Security Verify Gateway for Linux PAM 1.0.7
- IBM Security Verify Gateway for AIX PAM 1.0.4
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- The installation process for the following on-prem products removes the access
of Windows Users group from the installation directory.
- IBM Security Verify Bridge 1.0.16
- IBM Security Verify Bridge for Directory Sync 1.0.13
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- New RSA and ECDSA certificates were issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
- Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
- Caching changes are being deployed. As a result, changes to OIDC general
settings or Certificates can take up to one minute to take effect in the following endpoints.
December 2024
- The ability to customize the email sender and SMS provider is now located under IBM Security Verify notification messages. See Customizing email and SMS providers. . You now also have the ability to use your own SMS provider for
- You can now restrict API client management to specific user populations with a requestable feature, CI-102537. See Managing API clients.
- The following additions are introduced in the Access certification:
- User scoping enhancement (Condition set filter) requestable feature, VDEV-60004 and VDEV-61485, is introduced for Include only selection in User scope step in Access certification.
- A requestable feature, Self, VDEV-41517, is introduced as an option in Select reviewer that allows users to review the entitlements that they are accessing. The option is only applicable for User entitlement and Account entitlement campaigns.
See Creating a campaign for further details.
- IBM Security Verify now
supports client secret rotation. See,
- Managing OpenID Connect and OpenID Connect for Open Banking application API access
- Managing STS clients
- Configuring an identity agent for authentication by using a web service
- Configuring single sign-on in the OpenID Connect for Open Banking applications and Configuring single sign-on in the OpenID Connect application
- Managing API clients.
- The LinkedIn OAuth2.0 login was deprecated by LinkedIn. LinkedIn now requires
an OIDC login. The existing OAuth apps still work, but now you can create LinkedIn OIDC apps only. A
new LinkedIn OIDC identity source type is available. See Configuring your application at LinkedIn and Adding a social identity provider.Note: You can have only one of these types. If you have an existing LinkedIn identity provider, you must remove it before you create a new LinkedIn OIDC type.
- 13 entitlements were added for users and groups
readUsers
,readUsersGroupMembership
,readUsersStandardGroupMembership
,manageUsers
,manageUsersInStandardGroups
,readGroups
,readStandardGroups
,readGroupMembers
,readStandardGroupMembers
,manageGroups
,manageStandardGroups
,manageGroupMembers
, andmanageStandardGroups
. See Access entitlements. - Updated list of supported application templates. Added support for the following
applications:
- HashiCorp Boundary
- Notifications
-
- New RSA and ECDSA certificates are being issued for *.ice.ibmcloud.com hostnames on 11 February 2025. These certificates are valid from 11 February 2025 and expire on 07 January 2026. See Product requirements.
- Phone numbers and email addresses are partly obscured when presented in 2FA
choice lists in the following on-prem products.
- IBM Security Verify Gateway for Linux PAM 1.0.7
- IBM Security Verify Gateway for AIX PAM 1.0.4
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- The installation process for the following on-prem products removes the access
of Windows Users group from the installation directory.
- IBM Security Verify Bridge 1.0.16
- IBM Security Verify Bridge for Directory Sync 1.0.13
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
- Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
- Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
- When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
November 2024
- A list of features that you can request is now available. See Requestable features.
- IBM Security Verify Adapter now supports DB2 - v10.0.1 application. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the DB2 application. For more information, see Configuring provisioning for DB2.
- IBM Security Verify Adapter now supports iSeries - v10.0.1 application. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the iSeries application. For more information, see Configuring provisioning for iSeries.
- IBM Security Verify Adapter now supports SAP User Management Engine - v7.1.8 application. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the SAP User Management Engine application. For more information, see Configuring provisioning for SAP User Management Engine.
- IBM Security Verify Adapter now supports SAP HANA - v7.1.5 application. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the SAP HANA application. For more information, see Configuring provisioning for SAP HANA.
- Changes were made to the PAM system configuration file for IBM Security Verify
Gateway for Linux and AIX PAM. A new argument
2fa_group={unix_group_name}
was added and a new valuepassword-and-totp-or-device
was added to theauth_method
argument. See The PAM system configuration file. - An AIX example was added for PAM SSH two-factor authentication. See SSH examples that use IBM Verify for Two-Factor Authentication (2FA)
- As a security enhancement, IBM Security Verify requires new entitlements to view
the client secret. See Security updates for entitlements and Access entitlements.Note: To minimize the impact, update your custom admin roles and API clients with the new entitlements according to their needs before the incoming client secret entitlement changes go into effect.
- IBM Security Verify
authentication event attributes added Device trust within
data.subtype
when you generate reports. See Authentication event payload. - The Admin activity report now supports a new event,
consentprovider
. See Admin activity management event detail. - The IBM Security Verify Flow designer now supports Trace view feature that displays trace logs of a published flow to debug Function tasks using a time-bound Trace URL. See Managing Trace view for further details.
- Updated list of supported application templates. Added support for the following
applications:
- No new applications were added.
- Notifications
-
- IBM Security Verify is deprecating capabilities
dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
- IBM X-Force App Exchange
- Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
- Phone numbers and email addresses are partly obscured when presented in 2FA
choice lists in the following on-prem products.
- IBM Security Verify Gateway for Linux PAM 1.0.7
- IBM Security Verify Gateway for AIX PAM 1.0.4
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- The installation process for the following on-prem products removes the access
of Windows Users group from the installation directory.
- IBM Security Verify Bridge 1.0.16
- IBM Security Verify Bridge for Directory Sync 1.0.13
- IBM Security Verify Gateway for RADIUS 1.0.12
- IBM Security Verify Gateway for Windows Login 1.0.11
- New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostname on 05 November 2024. See Product requirements.
- Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
- Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
- When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
- IBM Security Verify is deprecating capabilities
dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
October 2024
No new features were released in October
- Notifications
-
- New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostname on 05 November 2024. See Product requirements.
- Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
- Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
- When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
September 2024
- The threat detection and remediation features (CI-87303 and CI-86209) are now enabled by default for all tenants. Detect large-scale identity attacks and mitigate them natively by using this threat detection and remediation capability. See Managing threat detection. Also see the threat events in the new threat detection report. For more information, see Generating a threat detection report.
- A requestable feature, Assist me panel, VDEV-52267 or VDEV-60440, can now be opened from the upper-right bar in the Admin panel for user assistance. See User assistance for further details.
- Gen AI capabilities, powered by watsonx, allow admins to offload and optimize human-generated tasks that are involved in IAM management and workflows with a set of pre-trained, AI-powered skills. The admin can interact in natural language by using a dialog interface to get quick, contextual insights or generate configuration. See Gen AI assistant for further details.
- A Notice event payload was added to reports. See Notice events payload.
- The Admin activity report supports a new resource type,
content_security_policy
. See Generating an administrator activity report and Admin activity management event detail. - The Admin activity report supports two new resource types,
content_security_policy
anddevice_certificate
. See Generating an administrator activity report and Admin activity management event detail. - A requestable feature, CI-56222, is now available for the User managers to view and manage other users' access requests in the organization. See Requesting Access for Others for further details.
- Configuration for IBM Security Verify Gateway for RADIUS server now supports
two new "auth-method" types for
clients:[]
,"totp"
and"password-and-totp-or-device"
. Two new configuration values were also added"require-msg-auth": false
and"reject-bad-packet": false
. See "clients":[]. A new"attr":{}
sub item was also added forpolicy:[]
,"regex":false
. See "policy":[]. - The following modifications and additions are introduced in the Access
certification:
- Entitlement scope, VDEV- 41518, requestable feature, is introduced as a step for User entitlement campaign to help define the scope on granular set of entitlements. See Creating a campaign for further details.
- The User scope, Group scope and Account scope gets displayed as individual steps while creating or editing a campaign.
- A requestable feature, CI-141696, allows users to copy Running, Scheduled, Paused and Closed campaigns. See Copying a campaign for further details.
Note: The Entitlement scope and Copy campaign features can be enabled upon request. To request the features, contact your IBM Sales representative or IBM contact and indicate your interest in enabling this capability. You can also create a support ticket if you have the permission. Note that IBM Security Verify trial subscriptions cannot create support tickets. - IBM Security Verify now supports modifying user profile badge pages. See Modify user profile pages.
- IBM Security Verify made updates to User experience. See Customizing a user flow.
- IBM Security Verify Adapter now supports Microsoft SQL2012. For more information, see Managing endpoints by identity adapters. The target applications can now be configured for provisioning endpoints managed by Identity Adapters from IBM Security Verify to the Microsoft SQL application. For more information, see Configuring provisioning for Microsoft SQL.
- Updated list of supported application templates. Added support for the following
applications:
- Hashicorp Cloud Platform
- Notifications
-
- New RSA and ECDSA certificates are being issued for *.verify.ibm.com hostnames on 05 November 2024. See Product requirements.
- Enhancements were made for password expiration for on-prem agents that use the Verify Bridge to connect with Verify. If password reset is enabled on your Verify tenant and you log in with an expired on-prem password, you are now redirected to the change password flow. If password reset is not enabled for your tenant and you log in with an expired on-prem password, you receive and expired password message instead of an authentication failed message.
- Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
- When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
August 2024
- No new features were added in August.
- Updated list of supported application templates. Added support for the following
applications:
- No new applications were added.
- Notifications
-
- Generic User Count and CSV Download features are now deployed in all environments including Australia, Canada, and Japan. See Generating a users list report and Downloading a CSV report.
- When a POST request is sent to the /oidc/endpoint/default/* and /v1.0/endpoint/default/* endpoints, the parameters must be sent in a POST body and not in the query parameters. Enforcement of this restriction begins 20 July 2024 to ensure that security standards are followed.
- The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.