News
Abstract
New IBM® Security Verify features that were released in September.
Content
Key updates
These new features might not be available in your location yet.
- Account synchronization now supports the remediation of unmatched accounts. You can manually assign an owner to individual accounts. See Viewing and remediating conflicting account attributes.
Other features, enhancements, and announcements
- Added support for the following applications.
- Calendly
- Databox
- IBM Cloud
- ONLYOFFICE
- Red Hat Hybrid Cloud Console
- For July, no new features were introduced. Various performance improvements were addressed.
Notifications
- IBM Security Verify now supports Security Verify Adapter v.10.0.5 for IBM Security Verify Access. It needs additional configuration. See, https://www.ibm.com/support/pages/system/files/inline-files/ReleaseNotes-IBMSecurityVerifyAccess-10.0.5_0.html.
- An enhancement to the default OAuth bearer token length will be increased. OpenID Connect Relying Party (RP) clients should allow at least 256-character-length tokens. As a recommendation, is imperative to design the token storage for much larger token sizes, so the JWT-format tokens would fit as well. This change will be release from 1 November 2022.
- A change to simplify social provider-based SSO sessions management is coming. This change impacts only users that use the same browser session to log in to applications with different identity providers through IBM Security Verify.
- Today, SSO sessions for social providers are maintained per identity provider on the web browser. For example, if a user authenticates with the Google social provider, any applications that are configured with the Google social provider use that SSO session for the entirety of the browser session. It does not change even if the user authenticates with a different identity source in the same browser.
- With this change, only a single SSO session is maintained on the web browser. A user who logs in to Google can continue to single sign-on to different applications that are configured to use Google as an identity source. However, if the user logs in to a different application by using Cloud Directory, the user goes through a Google authentication process if they later use an application that is configured to use Google as an identity source.
- Second factor enrollment currently supports limited options customize the user experience. A complete set of new template pages is being made available to allow for greater customization. You can opt in for full branding capabilities (by using techniques that are described in ) by contacting the IBM Support team to enable this feature for your tenant.
-
Starting in July 2022, these pages are enabled for all tenants.Note: The CSS classes that are used in the new pages differ from the current pages. If you are using CSS customization for the current experience, the migration must be done manually.
- To align to the latest, secure hashing implementations and reduce the vulnerability to brute-force attacks, existing Verify SaaS tenant Cloud Directory passwords are now being stored with the SSHA512 hashing algorithm. For new tenants, or any change to a user's password on an existing tenant, the Verify SaaS Cloud Directory passwords are stored with the PBKDF2 hashing algorithm.
- As of April 2022, IBM Security Verify no longer supports ZenKey as an out of the box identity provider. If you have any issues or concern, contact our support team. After April 2022, if a continued need exists, use an OIDC Enterprise-configured identity provider to provide support for Zenkey as an identity provider.
- Starting July 2022, IBM Security Verify will no longer ask the user to consent to entitlements on the OpenID Connect consent page. The entitlements will always be granted. Applications that were relying on this consent to enable or disable functionality in their custom applications must now use scope instead.
- Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding will not change. Enhanced and easier-to-use replacements are already available. Visit Migrating from templates to themes.
Related Information
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCT62","label":"IBM Security Verify"},"ARM Category":[{"code":"a8m0z0000001jljAAA","label":"Security Verify"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Product Synonym
IBM Cloud Identity;IBM Security Verify;Verify
Was this topic helpful?
Document Information
Modified date:
13 September 2022
UID
ibm16620013