IBM Support

IBM Verify Identity Access v11.0.0 Release Notification

News


Abstract

We are proud to announce the general availability of IBM® Verify Identity Access (IVIA), v11.0, in December 2024. This release introduces rebranding from IBM Security Verify Access to IBM Verify Identity Access, alongside significant new features and enhancements, including support for Digital Credentials and new features and updates across the platform.

Content

IBM Verify Identity Access (IVIA) v11.0
IBM Verify Identity Access helps organizations securely manage user access, protect applications, and deliver advanced identity and access management capabilities. It operates across web, mobile, and enterprise environments, ensuring secure and seamless access control.
The 11.0 release introduces the following updates and enhancements:
Digital Credentials
  • Support for Verifiable Credentials
    A new Digital Credentials service enables the issuance and management of verifiable credentials, providing secure, cryptographically verifiable identity proofing. This feature lays the foundation for decentralized identity ecosystems and user-controlled identity verification.
Available with the new Digital Credentials License Upgrade.
Verify Identity Access Platform
  • Rebranding to IBM Verify Identity Access (IBM VIA)
    The product name reflects a renewed focus on delivering advanced identity and access management capabilities while maintaining continuity with existing features.
  • Support for the Partitioned HTTP Cookie Attribute
    WebSEAL now supports the Partitioned HTTP cookie attribute to improve compatibility with modern web applications.
  • Logging the Source Port in WebSEAL Request Logs
    WebSEAL request logs can now include the source port from which requests are received, improving audit trail granularity.
  • New ARP Cache Command for CLI
    Administrators can now manage the ARP cache with a new command (networking>arp>delete) via the SSH CLI.
  • Label Support for Imported Personal SSL Certificates
    Users can now assign labels to personal SSL certificates during the import process.
  • New Notification for Unavailable External Network Services
    A notification message is introduced to indicate when all external network services (e.g., Configuration or Runtime Databases) are unavailable.
  • Support for the Junction Name as a Request Header
    WebSEAL can now include the junction name as a request header, simplifying backend application integrations.
  • Database Support Enhancements
    • Microsoft SQL Server compatibility for Configuration and Runtime Databases.
    • Support for PostgreSQL version 16 for Configuration and Runtime Databases.
  • ModSecurity v3.0.13
    The Web Application Firewall (WAF) now uses ModSecurity v3.0.13 for enhanced security.
  • Audit Enhancements
    New audit events are generated when clients present certificates with unknown OCSP status.
Advanced Access Control (AAC)
  • New FIDO2 Relying Party Configuration Flag
    Administrators can test development builds of mobile operating systems using a new FIDO2 flag.
  • Magic Link Authentication Policy
    A new authentication policy bundle enables magic link authentication, providing streamlined access without traditional passwords.
  • Scoped LDAP Searches in InfoMap Authentication Mechanisms
    Support for scoped LDAP searches using Search Controls improves flexibility in user lookups.
  • Mobile Multi-Factor Authentication Enhancements
    Multi-factor authentication transactions can now display a correlation value for each transaction that must be entered on the mobile device to improve security and combat MFA Fatigue in IBM Verify Mobile Multifactor authentication flows.
  • Firebase Push Notification Update
    Updates to Firebase push notification providers ensure compliance with Google’s service changes, requiring service account JSON files instead of server API keys.
Additional functionality has also been marked as deprecated or removed, for full information and a complete list of features and changes and critical changes in the v11.0.0 release, see What's New in the IBM Documentation.

IBM Verify Identity Access OpenID Connect Provider v24.12

The OIDC Provider is a containerized lightweight OIDC provider, which supports advanced OIDC and OAuth standards. It can be deployed and scaled with modern orchestration systems, including Kubernetes.
The v24.12 release adds the following new features to this platform:
  • Support for OAuth 2.0 Rich Authorization Requests (RAR)
    Enables detailed and granular authorization requests, allowing clients to specify fine-grained access requirements (e.g., specific actions on specific resources). This enhances security by reducing over-privileged access, supports compliance needs, and improves the overall user experience with precise access controls.
  • Support for OpenID for Verifiable Credential Issuance
    Facilitates the issuance of Verifiable Credentials using OpenID Connect, enabling secure, interoperable delivery of cryptographically verifiable credentials. This accelerates the adoption of decentralized identity solutions, improving user privacy and control while supporting cross-domain verification.
For the formal list of features and changes in the v24.12 OIDC OP release and earlier, see What's New in the Documentation.
 
Supporting program and license updates
The IBM Application Gateway is now included as a "supporting program" of some IBM Verify Identity Access Licenses. This is a change from the prior component-based delivery, to the 'full product' definition since October 2023.
Note: This update also clarifies that the IBM Application Gateway contributes to 'license consumption'. Users of the IBM Application Gateway must be licensed under and in conjunction with the primary program (IBM Verify Identity Access). Similarly it contributes to the consumption of processor (e.g. Base or EE - PVU) licenses when deployed.

Customers operating on Hardware Appliances may use the IBM Application Gateway or OpenID Connect Provider containers under their existing hardware licenses - only when using the new container on appliance functionality.
For further clarity, contact your IBM account representative.
Notes and updates from previous releases
  • Supporting software Updates:
    • IBM Security Verify Directory
      IBM Verify Identity Access now bundles IBM Security Verify Directory v10.0.
    • IBM Security Directory Server v6.4 and IBM Security Directory Suite v8.0.1 are no longer bundled with Verify Identity Access.

Critical changes

IBM Verify Identity Access publishes a dedicated page to capture changes that will likely have a significant impact on a deployment during or after an upgrade.

For more information see: Critical changes

To access a wide variety of technical resources for this product, see the IBM Verify Identity Access Version 11.0.0 product documentation in IBM Documentation.
Early Access Program (EAP)
Are you interested in learning more about the new product features planned for upcoming releases of IBM Security Verify Access? Would you like the opportunity to try a Beta version of an upcoming ISVA release and the ability to give feedback regarding new product features? Are you interested in learning about other IBM Security product offerings?
If you answered “yes” to any of these questions, the IBM Security Agile Client Experience (ACE) program might be the right opportunity for you.
The IBM Security ACE program offers a range of early access programs and prototype feedback sessions for selected IBM Security products.
Throughout these interactive programs, the IBM Security development teams deliver resources and/or host sessions. This can provide participants with an insight into the new features that are being designed and implemented.
When you participate in this program, IBM gives you early access to the design and/or features for your evaluation and feedback before the general availability of the new product releases. The overall goal of the Security ACE program is to garner important feedback from participants to help shape the direction of our products. Participation is free of charge. The content of the program is confidential and is available to interested parties who accept the program terms and conditions.
Getting started is easy! Register your interest in joining the program by using this registration form:  http://ibm.biz/security-ace-registration
Downloading the product and assemblies
This version is available from Passport Advantage, Fix Central, and the IBM Container Registry.
This technote details the information required to download and access this release of IBM Verify Identity Access and its supporting programs: 
Upgrading and staying in support
IBM Verify Identity Access delivers defect and security updates only to the latest current patched (fixed) release. With this release of IBM Verify Identity Access, v11.0.0 becomes the ‘current patched release’ of v11.0 where all fixes and patches are delivered to this version. For more information, see this notification: https://www.ibm.com/support/pages/node/6453645
Additional information for IBM Security Verify Access Gen2 hardware appliance
IBM announced the end of support date of IBM Security Access Manager and IBM Security Verify Access Gen2 Hardware Appliances (5122-81T) for 30 September 2025. For more information, see this notification: https://www.ibm.com/support/pages/node/872590

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRN3F","label":"IBM Verify Identity Access"},"ARM Category":[{"code":"a8m0z000000cxuHAAQ","label":"Security Verify Access"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.0.0"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRGTL","label":"IBM Security Verify Access"},"ARM Category":[{"code":"a8m0z000000cxuHAAQ","label":"Security Verify Access"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Product Synonym

IBM Verify Identity Access; IVIA; IBM Security Verify Access; IBM Security Access Manager; ISAM; ISVA;

Document Information

Modified date:
03 February 2025

UID

ibm17176603

Page Feedback