What's new

Look here for the new features and other information that is specific to the current release of IBM® Security Verify.

Note: The new features might not be available in your location yet.

September 2022

Notifications
  • IBM Security Verify now supports Security Verify Adapter v.10.0.5 for IBM Security Verify Access. It needs additional configuration. See, https://www.ibm.com/support/pages/system/files/inline-files/ReleaseNotes-IBMSecurityVerifyAccess-10.0.5_0.html.
  • An enhancement to the default OAuth bearer token length will be increased. OpenID Connect Relying Party (RP) clients should allow at least 256-character-length tokens. As a recommendation, is imperative to design the token storage for much larger token sizes, so the JWT-format tokens would fit as well. This change will be release from 1 November 2022.
  • A change to simplify social provider-based SSO sessions management is coming. This change impacts only users that use the same browser session to log in to applications with different identity providers through IBM Security Verify.
    • Today, SSO sessions for social providers are maintained per identity provider on the web browser. For example, if a user authenticates with the Google social provider, any applications that are configured with the Google social provider use that SSO session for the entirety of the browser session. It does not change even if the user authenticates with a different identity source in the same browser.
    • With this change, only a single SSO session is maintained on the web browser. A user who logs in to Google can continue to single sign-on to different applications that are configured to use Google as an identity source. However, if the user logs in to a different application by using Cloud Directory, the user goes through a Google authentication process if they later use an application that is configured to use Google as an identity source.
  • Second factor enrollment currently supports limited options customize the user experience. A complete set of new template pages is being made available to allow for greater customization. You can opt in for full branding capabilities (by using techniques that are described in Managing the user experience > Managing branding) by contacting the IBM Support team to enable this feature for your tenant.
    Note: The CSS classes that are used in the new pages differ from the current pages. If you are using CSS customization for the current experience, the migration must be done manually.
    Starting in July 2022, these pages are enabled for all tenants.
  • To align to the latest, secure hashing implementations and reduce the vulnerability to brute-force attacks, existing Verify SaaS tenant Cloud Directory passwords are now being stored with the SSHA512 hashing algorithm. For new tenants, or any change to a user's password on an existing tenant, the Verify SaaS Cloud Directory passwords are stored with the PBKDF2 hashing algorithm.
  • As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. Visit Migrating from templates to themes.

August 2022

  • With the deprecation of consent management endpoints /v1.0/appconsents, /v1.0/userconsents, and /v1.0/consents, application consents will be automatically migrated over to the new consent management endpoint /config/v1.0/privacy/consents. See Deprecated APIs. To trigger this migration early, go to your application’s settings and click the Migrate button in the “Consent settings” section. See Migrating user consents.
  • IBM Security Verify now provides an improved REST API release to configure the authentication factor behavior in the application. The procedure involves: email OTP, SMS OTP and TOTP, enhancing the robustness and the security on the endpoints. See Configuring authentication factors
  • On-prem LDAP identity providers now support username recovery. See Configuring an on-prem LDAP provider
  • Updated list of supported application templates. Added support for the following applications:
    • Perdoo
    • Verkada
    See Supported connectors for applications.
Notifications
  • For security reasons, IBM Security Verify is no longer supporting email and SMS sender customizations for new trial tenants.
  • Second factor enrollment currently supports limited options to customize the user experience. A complete set of new template pages is being made available to allow for greater customization. You can opt in for full branding capabilities (by using techniques that are described in Managing the user experience > Managing branding) by contacting the IBM Support team to enable this feature for your tenant.
    Note: The CSS classes that are used in the new pages differ from the current pages. If you are using CSS customization for the current experience, the migration must be done manually.
    Starting in July 2022, these pages are enabled for all tenants.
  • To align to the latest, secure hashing implementations and reduce the vulnerability to brute-force attacks, existing Verify SaaS tenant Cloud Directory passwords are now being stored with the SSHA512 hashing algorithm. For new tenants, or any change to a user's password on an existing tenant, the Verify SaaS Cloud Directory passwords are stored with the PBKDF2 hashing algorithm.
  • As of June 2023 IBM Security Verify no longer supports branding with templates. You must update your branding to use themes before then. See Migrating from templates to themes.
  • As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • On 07 October 2021 IBM Security Verify added a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly logout by navigating to:
    https://{{tenant}}/idaas/mtfim/sps/idaas/logout
  • IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. See Migrating from templates to themes.

July 2022

Various performance improvements were addressed.

June 2022

Notifications
  • For security reasons, IBM Security Verify is no longer supporting email and SMS sender customizations for new trial tenants.
  • Second factor enrollment currently supports limited options to customize the user experience. A complete set of new template pages is being made available to allow for greater customization. You can opt in for full branding capabilities (by using techniques that are described in Managing the user experience > Managing branding) by contacting the IBM Support team to enable this feature for your tenant.
    Note: The CSS classes that are used in the new pages differ from the current pages. If you are using CSS customization for the current experience, the migration must be done manually.
    Starting in July 2022, these pages are enabled for all tenants.
  • To align to the latest, secure hashing implementations and reduce the vulnerability to brute-force attacks, existing Verify SaaS tenant Cloud Directory passwords are now being stored with the SSHA512 hashing algorithm. For new tenants, or any change to a user's password on an existing tenant, the Verify SaaS Cloud Directory passwords are stored with the PBKDF2 hashing algorithm.
  • As of June 2023 IBM Security Verify no longer supports branding with templates. You must update your branding to use themes before then. See Migrating from templates to themes.
  • As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • On 07 October 2021 IBM Security Verify added a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly logout by navigating to:
    https://{{tenant}}/idaas/mtfim/sps/idaas/logout
  • IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. See Migrating from templates to themes.

May 2022

Notifications
  • For security reasons, IBM Security Verify is no longer supporting email and SMS sender customizations for new trial tenants.
  • Second factor enrollment currently supports limited options to customize the user experience. A complete set of new template pages are being made available to allow for greater customization. You may opt in for full branding capabilities (by using techniques that are described in Managing the user experience > Managing branding) by contacting the IBM Support team to enable this feature for your tenant.
    Note: The CSS classes that are used in the new pages differ from the current pages. If you are using CSS customization for the current experience, the migration must be done manually.
    Starting in July 2022, these pages are enabled for all tenants.
  • To align to the latest, secure hashing implementations and reduce the vulnerability to brute-force attacks, existing Verify SaaS tenant Cloud Directory passwords are now being stored with the SSHA512 hashing algorithm. For new tenants, or any change to a user's password on an existing tenant, the Verify SaaS Cloud Directory passwords are stored with the PBKDF2 hashing algorithm.
  • As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • On 07 October 2021 IBM Security Verify added a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly logout by navigating to:
    https://{{tenant}}/idaas/mtfim/sps/idaas/logout
  • IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. See Migrating from templates to themes.

April 2022

Notifications
  • As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
  • Starting in July 2022, a new inline branding flow, in which all pages are brand-able, is mandatory. In this flow, depending on the configuration, new users are redirected to set up two-factor authentication. Current IBM Security Verify customers can contact the IBM Support team and proactively move to the new inline branding flow before it becomes mandatory.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • On 07 October 2021 IBM Security Verify added a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly logout by navigating to:
    https://{{tenant}}/idaas/mtfim/sps/idaas/logout
  • IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.
  • Some v1.0 APIs that are related to multi-factor authentication were deprecated in December 2021. Enhanced and easier-to-use replacements are already available. See Deprecated APIs.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. See Migrating from templates to themes.

March 2022

Notifications
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. See Migrating from templates to themes.
  • Starting in July 2022, a new inline branding flow, in which all pages are brand-able, is mandatory. In this flow, depending on the configuration, new users are redirected to set up two-factor authentication. Current IBM Security Verify customers can contact the IBM Support team and proactively move to the new inline branding flow before it becomes mandatory.
  • Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
  • On 07 October 2021 IBM Security Verify added a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly logout by navigating to:
    https://{{tenant}}/idaas/mtfim/sps/idaas/logout
  • IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.