Questions about IBM Security Verify

What security certifications has IBM Security Verify obtained?

Verify has obtained several common certifications like ISO 27001, ISO 27017, ISO 27018, ISO 27701, PCI DSS, SOC 2 Type II , SOC 3 and FedRAMP Ready.


In which geographic regions does IBM offer data centers for Verify?

IBM currently offers commercial data centers for Verify in the United States, Canada, Europe, China and Japan. Additional regions can be addressed with a dedicated cloud instance of Verify.

Is the cloud infrastructure for Verify dedicated or shared between clients?

Multi-tenant deployments by default share infrastructure located in a choice of region with logical separation and encryption of data to ensure proper security. IBM also offers dedicated cloud instances of Verify deployed specifically and isolated for clients. These offer a wider choice of deployment regions based on major public cloud providers.

What is the service level agreement (SLA) for Verify?

Verify offers 99.9% guaranteed uptime, with actual operational uptime typically exceeding this. You can monitor the uptime of Verify at the following link.

How can I use Active Directory as an identity source with Verify?

You can use your Verify tenant to authenticate users against external directories like Active Directory or Azure AD. See details in the configuration guide at the following link.

Can I protect my on-prem applications with Verify?

Yes, Verify uses a lightweight application gateway to extend access control to on-prem web applications. It also works hand in hand with existing Verify Access implementations.

What user authentication methods does Verify offer?

Verify offers time-based, SMS, email and voice one-time passwords (OTP), IBM Verify mobile app push notifications, user biometric verification like fingerprint and face recognition, QR codes and FIDO2 support.

How does Verify support multifactor authentication for virtual private networks?

Verify includes a RADIUS client that can serve as an authentication mechanism for connections and other systems that support the RADIUS protocol.

Does Verify provide ready-to-use SDKs for development?

Yes, the Developer Portal provides information about SDKs for various use cases, such as native mobile applications and web applications using frameworks like NodeJS and ReactJS.

What is IBM Cloud® Identity?

In June 2020, IBM Cloud Identity was rebranded to IBM Security Verify.

Can I use IBM Security Verify and IBM Security Verify Access together?

Yes, Verify (SaaS) and Verify Access (on-prem) are jointly entitled and work together. You can use a quick start wizard to help establish the federation.

Does Verify integrate with Keycloak or Red Hat® Single Sign-On?

Yes, Verify can be extended into Keycloak or Red Hat SSO environments for full IDaaS capabilities like advanced authentication. Extensions for Verify are available in the IBM Security™ GitHub page.

Does Verify integrate with IBM Security™ MaaS360®?

Yes, you can provide single sign-on and conditional access control for mobile devices using Verify and MaaS360 together for unified endpoint management.

Does Verify integrate with IBM QRadar® SIEM?

Yes, you can stream Verify event data to QRadar to identify and analyze threat anomalies.

Does Verify integrate with IBM Security™ SOAR?

Yes, you can send Verify anomalies and other events to IBM Security SOAR to take actions such as automatic password reset or entitlement removal.