News
Abstract
We are proud to announce the electronic general availability of IBM® Security Verify Access, v10.0.9. Available on the 31st January 2025, with features and fixes to the IBM Security Verify Access platform.
Content
IBM Security Verify Access Version (ISVA) 10.0.9
IBM Security Verify Access helps organizations securely manage user access and protect applications against fraudulent and unauthorized access. It operates across web, mobile, and enterprise infrastructure, including network access and Windows and Unix servers.
The 10.0.9 release marks the ninth maintenance release on the v10 platform and delivers security fixes, updates and enhancements:
Verify Access Platform
- Support for the Partitioned HTTP Cookie Attribute
The reverse proxy now supports the Partitioned HTTP cookie attribute to improve compatibility with modern web applications. - Logging the Source Port in WebSEAL Request Logs
The reverse proxy request logs can now include the source port from which requests are received, improving audit trail granularity. - New ARP Cache Command for CLI
Administrators can now manage the ARP cache with a new command (networking>arp>delete) via the SSH CLI. - Label Support for Imported Personal SSL Certificates
Users can now assign labels to personal SSL certificates during the import process. - New Notification for Unavailable External Network Services
A notification message is introduced to indicate when all external network services (e.g., Configuration or Runtime Databases) are unavailable. - Support for the Junction Name as a Request Header
The reverse proxy can now include the junction name as a request header, simplifying backend application integrations. - Database Support Enhancements
- Microsoft SQL Server compatibility for Configuration and Runtime Databases.
- Support for PostgreSQL version 16 for Configuration and Runtime Databases.
- ModSecurity v3.0.13
The Web Application Firewall (WAF) now uses ModSecurity v3.0.13 for enhanced security. - Audit Enhancements
New audit events are generated when clients present certificates with unknown OCSP status.
Advanced Access Control (AAC) & Federation
- New FIDO2 Relying Party Configuration Flag
Administrators can test development builds of mobile operating systems using a new FIDO2 flag. - Magic Link Authentication Policy
A new authentication policy bundle enables magic link authentication, providing streamlined access without traditional passwords. - Scoped LDAP Searches in InfoMap Authentication Mechanisms
Support for scoped LDAP searches using Search Controls improves flexibility in user lookups. - Mobile Multi-Factor Authentication Enhancements
Multi-factor authentication transactions can now display a correlation value for each transaction that must be entered on the mobile device to improve security and combat MFA Fatigue in IBM Verify Mobile Multifactor authentication flows. - Firebase Push Notification Update
Updates to Firebase push notification providers ensure compliance with Google’s service changes, requiring service account JSON files instead of server API keys.
Additional functionality has also been marked as deprecated, for full information and a complete list of features and changes and critical changes in the v10.0.9 release, see What's New in the IBM Documentation.
Supporting program and license updates
The IBM Application Gateway is now included as a "supporting program" of some IBM Security Verify Access Licenses. This is a change from the prior component-based delivery, to the 'full product' definition since October 2023.
Note: This update also clarifies that the IBM Application Gateway contributes to 'license consumption'. Users of the IBM Application Gateway must be licensed under and in conjunction with the primary program (IBM Security Verify Access). Similarly it contributes to the consumption of processor (e.g. Base or EE - PVU) licenses when deployed.
Customers operating on Hardware Appliances may use the IBM Application Gateway or OpenID Connect Provider containers under their existing licenses - when using the new container on appliance functionality.
Customers operating on Hardware Appliances may use the IBM Application Gateway or OpenID Connect Provider containers under their existing licenses - when using the new container on appliance functionality.
For further clarity, contact your IBM account representative.
Notes and updates from previous releases
-
Supporting software Updates:
- IBM Security Verify Directory
IBM Security Directory Server v6.4 and IBM Security Directory Suite v8.0.1 are no longer bundled with Verify Access.
Migrate your environments to Verify Directory v10.0.
- IBM Security Verify Directory
Critical changes
IBM Security Verify Access publishes a dedicated page to capture changes that will likely have a significant impact on a deployment during or after an upgrade.
For more information see: Critical changes
To access a wide variety of technical resources for this product, see the IBM Security Verify Access Version 10.0.9 product documentation in IBM Documentation.
Are you interested in learning more about the new product features planned for upcoming releases of IBM Security Verify Access? Would you like the opportunity to try a Beta version of an upcoming ISVA release and the ability to give feedback regarding new product features? Are you interested in learning about other IBM Security product offerings?
If you answered “yes” to any of these questions, the IBM Security Agile Client Experience (ACE) program might be the right opportunity for you.
The IBM Security ACE program offers a range of early access programs and prototype feedback sessions for selected IBM Security products.
Throughout these interactive programs, the IBM Security development teams deliver resources and/or host sessions. This can provide participants with an insight into the new features that are being designed and implemented.
When you participate in this program, IBM gives you early access to the design and/or features for your evaluation and feedback before the general availability of the new product releases. The overall goal of the Security ACE program is to garner important feedback from participants to help shape the direction of our products. Participation is free of charge. The content of the program is confidential and is available to interested parties who accept the program terms and conditions.
Getting started is easy! Register your interest in joining the program by using this registration form: http://ibm.biz/security-ace-registration
This version is available from Passport Advantage, Fix Central, and the IBM Container Registry.
This technote details the information required to download and access this release of IBM Security Verify Access and its supporting programs:
IBM Security Verify Access delivers defect and security updates only to the latest current patched (fixed) release. With this release of IBM Security Verify Access, v10.0.9 becomes the ‘current patched release’ for v10.X where all fixes and patches are delivered to this version. For more information, see this notification: https://www.ibm.com/support/pages/node/6453645
Additional information for IBM Security Verify Access Gen2 hardware appliance
IBM announced the end of support date of IBM Security Access Manager and IBM Security Verify Access Gen2 Hardware Appliances (5122-81T) for 30 September 2025. For more information, see this notification: https://www.ibm.com/support/pages/node/872590
Additional information for IBM Verify Identity Access v11.0
IBM Security Verify Access v10.X has been superseded by IBM Verify Identity Access v11.0. Upgrading to v11 is the suggested maintenance and upgrade path. For more information, see this notification: https://www.ibm.com/support/pages/ibm-verify-identity-access-v1100-release-notification
IBM Security Access Manager v9.0 is now End of Support. For more information, see this notification: https://www.ibm.com/support/pages/node/6452057.
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRGTL","label":"IBM Security Verify Access"},"ARM Category":[{"code":"a8m0z000000cxuHAAQ","label":"Security Verify Access"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0.8;10.0.9"}]
Product Synonym
IBM Security Verify Access; IBM Security Access Manager; ISAM; ISVA;
Was this topic helpful?
Document Information
Modified date:
03 February 2025
UID
ibm17182308