IBM Security Verify Request

IBM Security Verify Request provides an interface for the Identity products - IBM Security Verify Governance (Verify Governance & Identity Manager). It enables Verify Governance or Identity Manager users to act on access request approvals or manage passwords while on the move.

IBM Security Verify Request validates your identity with your fingerprint or PIN that's already configured on your device, for subsequent access to the app. (Only for Verify Governance)

Features:

• MDM (Mobile Device Management) Support

• QR Code based on-boarding support. (Only for Verify Governance)

• Access using TouchID or PIN. (Only for Verify Governance)

• Manage Password, where employees can change their passwords by providing old and new password.

• Manage Approvals, where managers can search, view, approve, reject or redirect pending access requests.

• Forgot Password: Identity Manager users, can reset their login password, in case they have forgotten it and have legit permissions to do so, as set by the server administrator.

• Logging capabilities

• Act as delegate, where user can act as a delegate for another user and perform actions on tasks on behalf of the delegator user.

• Force password change, when enabled by admin, user is prompted to change the password the next time he logs in.

MDM support:

The app can now be configured with an MDM solution (For example: IBM Security MaaS360®)
The app supports the following app configuration parameters:

• hostURL: Server URL for Verify Governance or Identity Manager. Host URL has the following formats: 
  • https://<hostname>:<port>/itim for Identity Manager, where hostname and port number are of the server that hosts the Verify Governance Service Center. 
  • https://<hostname>:<port>/igi/v2 for Verify Governance, where hostname and port number are of the server that hosts the Verify Governance Service Center.
• username (optional): User ID. This is an optional parameter. You need to provide this value only if user registry for MDM is managed by Verify Governance/Identity Manager. If this is not the case, then do not specify the username parameter. 

These parameters are configured by the Administrator by using MDM.

If the app is configured with host URL by using MDM, user is not required to enter the host URL and is directed to the login screen.

If the app is configured with host URL and username by using MDM, user only needs to provide the password on the login screen.

If the app is not configured by using MDM, there is no change in user experience.

Forgot Password:

When IBM Security Identity Manager  users of the app forget their login password, they can reset it on their own, if they are provided with the legitimate permissions by their IDENTITY MANAGER administrator. To enable this feature in the mobile app, the system administrator must enable the Reset Passwords function.

IBM Security Identity Manager can be configured so that it can enforce a new user to set up the Challenge Response questions when he/she logs in for the first time. To do this, the administrator needs to set to True the enforceCRSetupOnLogin property on the IDENTITY MANAGER server.

This property can be updated in the rest.properties file in the $ISIM HOME/data/ directory on IBM Security Identity Manager Software Stack or in the rest.properties file in Configure>Advanced Configuration>Update Property on the IBM Security Identity Manager virtual appliance.

• With enforceCRSetupOnLogin=true, a new user must first set the Challenge Response questions to be able to log in to the mobile app. After the first time, the user is no longer asked to set them in the following logins, until changes are made on the Challenge Response requirements in the Identity Manager server. 
• With enforceCRSetupOnLogin=false, the new user does not see the setup screen to provide the Challenge Response questions after logging in. The user sees an exclamation mark on the Settings icon, and can select Settings to set the Challenge Response questions. 

Act as delegate for:

• If a user needs to do tasks on behalf of another user, Verify Governance provides an option to act as a delegate for another user and perform actions on tasks on behalf of the delegator user. Such operation can be performed using the mobile app.  Refer to the Verify Governance documentation for further information on this feature.
• In the mobile application, the user can select the “Act as Delegate For” option from the menu. This will show the list of available delegators, and the user can choose the one that he/she has to act on behalf of.  User can also view the details of the delegator by tapping on the “View Details” button.
• A delegated user can perform the following actions: Approve, Reject and Redirect on pending requests on behalf of the delegator.
• After performing actions on pending tasks, the delegated user can return to self via “Return To Self” option in the menu.

 Force password change:

• In Verify Governance, when an administrator forces a change password action for a user's account that belongs to a password sync group, the user is prompted to change the password the next time he/she logs in. Refer to the product documentation for more information on this feature.
• If this feature is enabled by the Verify Governance admin, the user is prompted to change his/her account password from the mobile app at the next login.

Logging capabilities:
 

• IBM Security Access Requests provides logging capabilities for debugging purposes. Initially, the user is prompted with a dialog asking for permission to enable logging. After the app is successfully launched, logging is automatically disabled. It can later be enabled by making changes in Settings. The logged events contain information such as "username".

• Apple iOS v13 to v14.4
• Android v11 to v13