What's new

Edit online

Find the latest updates, new features, and release-specific details for IBM® Verify here.

Note: The new features might not be available in your location yet.

December 2025

Notifications
  • New certificates are being issued for tenant hostnames *.ice.ibmcloud.com. They are effective 19 November 2025 through 15 October 2026. See The new RSA and ECDSA certificates for *.ice.ibmcloud.com hostnames.
  • IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
    • /v1.0/endpoint/default/*
    • /oidc/endpoint/default/*
    The changes are deployed to certain data centers, while implementation for others is still pending.
    • Australia data centers
    • US data centers - 14 October 2025
    • Canada data centers - 16 December 2025
    • Europe, Japan, US SL2 - Pending
    No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

November 2025

  • You can now use just-in-time provisioning to migrate user passwords from an on-prem LDAP identity provider to the IBM Verify Cloud Directory. See Configuring an on-perm LDAP provider.
  • A requestable feature Verifiable links (CI-66673) establishes digital trust between a websites and a mobile app can be applied to your application settings. See Verifiable links.
  • IBM Verify now supports creating campaigns for group memberships. For more information, see Creating a campaign.
  • User profile updates performed during account synchronization remediation do not trigger email notifications.
  • Updated list of supported application templates. Added support for the following applications:
    • None
    See Supported connectors for applications.
Notifications
  • New certificates are being issued for tenant hostnames *.ice.ibmcloud.com. They are effective 19 November 2025 through 15 October 2026. See The new RSA and ECDSA certificates for *.ice.ibmcloud.com hostnames.
  • IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
    • /v1.0/endpoint/default/*
    • /oidc/endpoint/default/*
    These changes are scheduled to roll out on 14 October 2025 in the US data center with other data centers later.
    • Europe data centers - 20 October 2025
    • Japan, Canada, and Australia - Pending
    • US SL2 - Pending
    No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

October 2025

  • The ZScaler Private Access application now facilitates user account synchronization, remediation capabilities, and group synchronization. See ZScaler Private Access account synchronization for more details.
  • Verify now includes external MFA enrollments towards the total minimum required enrollments. See Selecting multiple MFAs for more details.
  • You can now use themes to customize the header and footer of your user launchpad. See Global elements.
  • You can now add tags to your API clients to increase their search ability. See API client tags.
  • You can now set the length of OIDC client secrets to meet the standards of the National Institute of Standards and Technology (NIST). See Client secret length
  • Updated list of supported application templates. Added support for the following applications:
    • None
    See Supported connectors for applications.
Notifications
  • New certificates are being issued for tenant hostnames *.ice.ibmcloud.com. They are effective 19 November 2025 through 15 October 2026. See The new RSA and ECDSA certificates for *.ice.ibmcloud.com hostnames.
  • IBM is implementing backend changes to the following OpenID Connect (OIDC) endpoints.
    • /v1.0/endpoint/default/*
    • /oidc/endpoint/default/*
    These changes are scheduled to roll out on 14 October 2025 in the US data center with other data centers later.
    • Europe data centers - 20 October 2025
    • Japan, Canada, and Australia - Pending
    • US SL2 - Pending
    No disruption is expected for existing /oauth2/* endpoint users. For more information about the changes, see OpenID Connect implementation notes. If you have any concerns, open a support ticket.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

September 2025

  • A topic was added that lists the egress internet protocols for IBM Verify. If your network restricts inbound traffic, you might need to allow these IPs through your firewall to ensure successful communication. See Egress internet protocol addresses (IPs) for IBM Verify.
  • The user interlace for managing password intelligence was updated. You can now create a custom password intelligence policy that can be assigned to identity providers that support such policies. See Managing password intelligence.
  • The user interface for application gateways was updated. You can now configure and manage your application gateway instances and check the health of those instances from the IBM Verify administration console. See Creating an application gateway, Generating an agent health report, and Agent health events payload.
  • Administrators can now define claims on the scopes that are used by OAuth2-OIDC clients, so that they only need to be defined once in the system for all clients. In OIDC General settings , see the new field Scopes to claims mapping and Require consent.
  • IBM Verify now supports customizing the login test page for your business. See Modify login test page for more details.
  • You can now use privacy profiles to simplify EULA and purpose enforcement for SAML-based apps. You can designate a profile that applies to all your SAML applications by using Application settings, see Configuring SAML general settings. While this profile becomes the default privacy profile for your SAML apps, it can be overridden at the application level for applications that have different privacy requirements by using the Privacy tab, see privacy settings.
  • IBM Verify now supports customizing the consent collection page for your business. See Modify consent collection page for more details.
  • Updated list of supported application templates. Added support for the following applications:
    • None
    See Supported connectors for applications.
Notifications
  • New certificates Are being issued for tenant hostnames *.ice.ibmcloud.com. They are effective 19 September 2025 through 19 August 2026. See *.ice.ibmcloud.com certificates.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • The product name is changed. IBM Security Verify is now IBM Verify.
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • Dynamic roles are being replaced by Dynamic groups. With this transition, the IBM Verify is going to handle the following changes for you:
    • Application dynamic roles are going to be migrated to a new dynamic groups page, preserving any existing associations with applications.
    • The existing Administrator dynamic roles are going to be transformed into Regular administrator roles, preserving their role composition. A new Dynamic group, bearing the same name as the administrator role is created with the existing condition sets and memberships. The new created dynamic group is then associated with the corresponding regular administrator role. The existing administrator entitlements that are granted to dynamic role members remain intact.
  • As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.
  • Upcoming changes to OpenID Connect support require changes in existing applications that use OpenID Connect Single sign-on. See OpenID Connect implementation notes.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

August 2025

  • After you configure a SAML or an OIDC identity provider on your tenant, you can now test and validate its configuration. See Test your OIDC or SAML identity provider endpoint.
  • Dynamic roles are being replaced by Dynamic groups. In addition to supporting all the features of dynamic role, the requestable feature - Dynamic group (Beta CI-46644), enables fine grained permission provisioning on target. See Managing dynamic groups for more details. The application and administrator dynamic roles are migrated to dynamic group in the following way:
    • Application dynamic roles are migrated to the dynamic groups page, preserving any existing associations with applications.
    • The existing Administrator dynamic roles are transformed into Regular administrator roles, preserving their role composition. A new Dynamic group, bearing the same name as the administrator role is created with the existing condition sets and memberships. The new created dynamic group is then associated with the corresponding regular administrator role. The existing administrator entitlements that are granted to dynamic role members remain intact.
  • Updated list of supported application templates. Added support for the following applications:
    • None
    See Supported connectors for applications.
Notifications
  • New certificates Are being issued for tenant hostnames *.verify.ibm.com. They are effective 19 September 2025 through 19 August 2026. See *.verify.ibm.com certificates.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • The product name is changed. IBM Security Verify is now IBM Verify.
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • Dynamic roles are being replaced by Dynamic groups. With this transition, the IBM Verify is going to handle the following changes for you:
    • Application dynamic roles are going to be migrated to a new dynamic groups page, preserving any existing associations with applications.
    • The existing Administrator dynamic roles are going to be transformed into Regular administrator roles, preserving their role composition. A new Dynamic group, bearing the same name as the administrator role is created with the existing condition sets and memberships. The new created dynamic group is then associated with the corresponding regular administrator role. The existing administrator entitlements that are granted to dynamic role members remain intact.
  • As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.
  • Upcoming changes to OpenID Connect support require changes in existing applications that use OpenID Connect Single sign-on. See OpenID Connect implementation notes.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.

July 2025

Notifications
  • IBM Verify is deprecating capabilities dependent and associated with X-Force on Dec 2025. The capabilities contain the following:
    • IBM X-Force App Exchange
    • Within the reports, any report that has Client IP as a source field, the X-Force IP report link to evaluate the threat value of the address
  • The adaptive access feature is not supported in a FedRAMP environment.
  • Some password policy APIs are being deprecated. The end of life is 31 July 2027. See Deprecated APIs for more details.
  • The product name is changed. IBM Security Verify is now IBM Verify.
  • Certification campaign v1.0 APIs are deprecated. The end of life is 31 December 2025. See Deprecated APIs for more details.
  • The design system for the IBM Verify Admin UI is being upgraded in an upcoming release. The latest version of the Carbon design component library improves accessibility and loading times. These behind-the-scenes changes provide developers with access to the latest tools. You might notice changes in colors, spacing, or size as the design is standardized.
  • Dynamic roles are being replaced by Dynamic groups. With this transition, the IBM Verify is going to handle the following changes for you:
    • Application dynamic roles are going to be migrated to a new dynamic groups page, preserving any existing associations with applications.
    • The existing Administrator dynamic roles are going to be transformed into Regular administrator roles, preserving their role composition. A new Dynamic group, bearing the same name as the administrator role is created with the existing condition sets and memberships. The new created dynamic group is then associated with the corresponding regular administrator role. The existing administrator entitlements that are granted to dynamic role members remain intact.
  • As part of the transition from Dynamic roles to Dynamic groups, the v1.0 APIs for administrator and application dynamic roles are deprecated. The end of life is 01 July 2026. See Administrator dynamic role APIs and Application dynamic role APIs for more details.
  • Upcoming changes to OpenID Connect support require changes in existing applications that use OpenID Connect Single sign-on. See OpenID Connect implementation notes.
  • Caching changes are being deployed. As a result, changes to OIDC general settings or Certificates can take up to one minute to take effect in the following endpoints.
    • /oidc/endpoint/default/.well-known/openid-configuration
    • /v1.0/endpoint/default/.well-known/openid-configuration
    • /oauth2/.well-known/openid-configuration
    • /oidc/endpoint/default/jwks
    • /v1.0/endpoint/default/jwks
    • /oauth2/jwks
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.