News
Abstract
New IBM® Security Verify features that were released in September.
Content
Key updates
These new features might not be available in your location yet.
- The user interface was reorganized to reduce the need for horizontal scrolling of tabs and to group functions more effectively. Use this table to find the functions that were moved.
Table 1. Relocated functions
What's moved | From | To
App role management Main navigation Admin roles Main navigation Certification campaigns Governance Operation results Governance Account sync Governance Users & Groups Main navigation Authentication factors Security FIDO2 Security Registration profiles Security Usage dashboard Main navigation User flows Main navigation Profile management Main navigation Configuration Main navigation Analytics (Verify Bridge for Analytics) Configuration Analytics (managing analytics) Main navigation API access Configuration Application profiles Configuration Attributes Configuration Certificates Configuration Customizations Configuration Device managers Configuration Identity agents Configuration Identity sources Configuration Integrations Configuration Password policies Configuration Subscriptions Configuration Replaced by
- IBM Security Verify now supports password synchronization for provisioning on some applications. See Applications that support password synchronization and Configuring Cloud Directory.
- Verify Bridge now enforces LDAP TLS server certificate validation when the host is specified by using an IP address. See IBM Security Verify Bridge.
- Users are now able to recover their usernames. See Recovering your username and Configuring Cloud Directory.
- Timestamp functions are now supported for attributes. See Attribute functions.
- OIDC applications now support the PS256, PS384, and PS512 algorithms. See Configuring single sign-on in the OpenID Connect provider and Creating the client secret JWT and private key JWT.
- IBM Security Verify now supports client_secret_jwt and private_key_jwt for OIDC application single sign-on. See Creating the client secret JWT and private key JWT.
- New RSA and ECDSA certificates are available on 23 September 2021 for *.ice.ibmcloud.com tenants. The current certificates expire on 15 October 2021. See Product requirements.
- A new public SAML API was added to export metadata. The GET operation supports two federations, saml20sp and saml20ip. See IBM Security Verify API Documentation.
Other features, enhancements, and announcements
- Added support for the following applications. See Supported applications and connectors.
- AssetSonar
- Avian
- ClicData
- Clockify
- FireHydrant
- Jostle
- Qualified
- Rewatch
- With IBM Security Verify, you can now use WS-Federation and WS-Trust for Azure AD Join. You can configure it from the Microsoft 365 application with the WS-Federation Sign-on method. Configuration instructions are provided in the Microsoft 365 application template.
- Transformation rules can now be applied on the username for the active requestor flow of Microsoft 365 WS-Federation applications.
Notifications
- The TokenExchange API has an optional request parameter, redirect_url. When it is included, the request returns a response that redirects the browser to the redirect_url. For example, /authenticate/v1.0/auth/session?redirect_url=https://some_url.com. In an upcoming version, an error will be returned if the redirect_url is not in the tenant's list of allowed URLs.
The tenant administrator can set the allowed URLs. The entries in the list are regular expressions, so the administrator can match the redirect_url by using regular expression syntax. For example,
The redirect_url will be allowed by default if:
- It points to the tenant: https://my_tenant.com/....
- It starts with a "/", a relative URL: /ivcreds.
A tenant administrator can use the forthcoming Session Exchange API to set the list of allowed URLs. An example of the SessionExchange payload to set the list:
- On 7 October 2021, IBM Security Verify is adding a restriction on concurrent browser login sessions for a user. A typical user will not encounter this limit error. If monitor scripts are simulating a user login, you must modify them to explicitly log out by navigating to:
https://{{tenant}}/idaas/mtfim/sps/idaas/logout
- IBM Security Verify continually enhances its password security policy. You might encounter some changes in its behavior.
- Some v1.0 APIs that are related to multi-factor authentication are now deprecated and will be removed after December 2021. Enhanced and easier-to-use replacements are already available. See Deprecated APIs.
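An added example, not IBM's code or part of the original notice: one way a service could apply the redirect_url rules from the first notification above (a URL on the tenant, a relative URL starting with "/", then the regular-expression allow-list). The allow-list entry, the sample URLs, the https-only rule and the rejection of scheme-relative and backslash forms are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TENANT_HOST = "my_tenant.com"   # tenant placeholder used in the notice
# Constructed allow-list entry; the notice says entries are regular expressions.
ALLOWED_PATTERNS = [r"https://portal\.example\.org/app/.*"]


def is_allowed_redirect(redirect_url, tenant_host=TENANT_HOST,
                        patterns=ALLOWED_PATTERNS):
    """Return True if redirect_url passes a default rule or the allow-list."""
    # Whitespace, control characters and backslashes are never needed in a
    # redirect target, and browsers rewrite some of them ("/\host" -> "//host").
    if not redirect_url or any(ord(c) <= 0x20 or c == "\\" for c in redirect_url):
        return False
    try:
        parts = urlsplit(redirect_url)
    except ValueError:
        return False
    # Default rule: a relative URL that starts with "/". "//host/path" is
    # scheme-relative and leaves the tenant; urlsplit reports a netloc for it,
    # so it falls through to the scheme check below and is rejected.
    if not parts.scheme and not parts.netloc:
        return redirect_url.startswith("/")
    if parts.scheme != "https":      # assumption: only https targets
        return False
    # Default rule: the URL points to the tenant. Compare the parsed host so
    # "https://my_tenant.com@other.example/" is not mistaken for the tenant.
    if parts.hostname == tenant_host.lower():
        return True
    # Allow-list: fullmatch anchors each pattern at both ends, so an entry
    # cannot match just the start of a longer, different host name.
    return any(re.fullmatch(p, redirect_url) for p in patterns)


# Constructed sample inputs for the three rules and their edge cases.
SAMPLES = [
    "/ivcreds",
    "https://my_tenant.com/ivcreds",
    "https://portal.example.org/app/home",
    "//other.example/ivcreds",
    "https://my_tenant.com.other.example/",
    "https://portal.example.org.other.example/app/home",
]


def evaluate(samples=SAMPLES):
    """Map each sample URL to the allow/deny decision."""
    return {url: is_allowed_redirect(url) for url in samples}
```

Because `re.fullmatch` is used, an allow-list entry must describe the whole URL; a broad entry such as one built around `.*` before the host name would still admit unintended hosts and should be reviewed before it is added.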
Product Synonym
IBM Cloud Identity;IBM Security Verify;Verify
Document Information
Modified date:
16 September 2021
UID
ibm16487777