What's new
Look here for the new features and other information that is specific to the current release of IBM® Security Verify.
Note: The new features might not be available in your location yet.
March 2024
- New Certificates are available for *.ice.ibmcloud.com tenants. See Product requirements.
- IBM does not support the customization of alphanumeric
senderId
s SMS in Australia and Singapore. For these restrictions, see Supported countries for SMS and Voice. - Updated list of supported application templates. Added support for the following
applications:
- None
- Notifications
-
- To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
- Application grants v1.0 APIs
/v1.0/appgrants
are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements. - The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
February 2024
- IBM Security Verify supports SMS and Voice one-time passwords for many countries depending on the type of plan that you have for your tenant. This feature is supported for paid tenants only. It is not available for trial tenants. For a list of countries and any restrictions, see Supported countries for SMS and Voice.
- OIDC and OAuth token lengths are not fixed. See Tokens in Table 1 Single Sign-on.
- Updates to the logo.png and the page_style.css pages can take up to 5 min. For more information, see Create common branding.
- Information was added about SAML2 application metadata export URLs. See Configuring SAML single sign-on in the identity provider What to do next.
- The process for obtaining a vanity hostname was updated. See Obtaining a vanity hostname.
- Updated list of supported application templates. Added support for the following
applications:
- None
- Notifications
-
- To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
- Application grants v1.0 APIs
/v1.0/appgrants
are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements. - The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
- New certificates for *.verify.IBM.com were deployed on 11 December 2023. The previous certificates expired on 09 January 2024. See Product requirements.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
- Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life was 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
January 2024
- A new grant type ,
JWT bearer
was added and two new configuration parameters were added under JWT settings. See Configuring single sign-on in the OpenID Connect application and Configuring single sign-on in the OpenID Connect for Open Banking applications. - IBM Security Verify now supports configuring Google Workspace as a device manager. See Adding a Google Workspace device manager.
- You can generate and download .csv files for the following
reports.
This
feature is available as part of a requestable public preview, CI-40542. To request this feature,
contact your IBM Sales representative or IBM contact and indicate your interest in enabling this
capability. If you have permission to create a support ticket, create a support ticket with the
public preview number. Note: IBM Security Verify trial subscriptions cannot create support tickets.
- Adaptive access
- Application usage
- Admin activity
- Authentication activity
- Campaign activity
- Consumer usage analytics
- Fulfillment activity
- MFA activity
- Password intelligence
You can use the .csv reports to maintain data records beyond the 7-day retention period. See Download a .csv report.
- Twitter was rebranded to X.
- The requesting access to finer entitlements page has been improved. See Requesting access to finer entitlements.
- IBM Security Verify now supports modifying request management pages. See Modify request management pages
- IBM Security Verify now supports configuring a custom device name for OpenID Connect or OpenID Connect for Open Banking. See Configuring a custom device name.
- Updates were made to IBM Security Verify themes. See Modify user flow pages.
- Updated list of supported application templates. Added support for the following
applications:
- None
- Notifications
-
- To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
- Application grants v1.0 APIs
/v1.0/appgrants
are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements. - The Subscription Usage Dashboard is currently still in preview mode. Some
inaccuracies were discovered in the usage statistics. The levels of consumption for your
subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
- New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
- Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
December 2023
- Updates were made to IBM Security Verify Gateway for Linux PAM and AIX PAM. For supported operating systems, see Overview. For new configuration arguments, see The PAM system configuration file.
- IBM Security Verify Gateway for RADIUS now supports Linux operating systems. See IBM Security Verify Gateway for RADIUS.
- Updated list of supported application templates. Added support for the following
applications:
- None
- Notifications
-
- New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
- Changes to OpenID Connect token introspection and userinfo response came in
October. After the changes,
- In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
- In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
- In the user_info response, the ext claim is no longer returned by default.
- For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
- IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
- Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
November 2023
- You can now configure an identity agent to use attributes from multiple sources for authentication. See Configuring an identity agent for authentication by using multiple attribute sources.
- The Public Preview requirement in the documentation is removed. See Configuring DUO Security as an external MFA provider.
- When your configure Global settings for authentication, you can now exclude the SPNameQualifier from SAML 2.0 Service provider AuthnRequest. See Configuring Global settings.
- IBM Security Verify now supports User forms, which collect the necessary information to create a user profile, making the onboarding experience streamlined for users. For more information see, Managing user forms.
- IBM Security Verify documentation no longer supports the following languages, Czech, Polish, Traditional Chinese, and Turkish. For information about what languages the product supports and what languages the documentation supports, see Language support.
- Updated list of supported application templates. Added support for the following
applications:
- None
- Notifications
-
- New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
- Changes to OpenID Connect token introspection and userinfo response came in
October. After the changes,
- In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
- In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
- In the user_info response, the ext claim is no longer returned by default.
- For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
- IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
- Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
October 2023
- IBM Security Verify now supports flow designer. With flow designer, you
can construct a defined flow by using low code or no code experiences to achieve your workflow. For
example, you can orchestrate
- The user journey
- Login, registration, and more.
- Security
- Risk assessment, passkey enrollment and enforcement, and more.
- Identity modernization
- User migration, protecting legacy applications, and more.
- Dropoff events were added to reports event types and payloads. See Dropoff events payload.
- Time-based one-time passwords now supports multiple enrollments. See Configuring authentication factors.
- Updated list of supported application templates. Added support for the following
applications:
- IBM Security Verify
- Rapid7
- Notifications
-
- In the IBM Security Verify Administrator launchpad, templates in the compressed theme file templates/notifications/access_application_request are deprecated and will be removed after June 2024. See Modify request management pages.
- The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
- The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
- Changes to OpenID Connect token introspection and userinfo response are coming
in October. After the changes,
- In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
- In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
- In the user_info response, the ext claim is no longer returned by default.
- For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
- IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
- The certificates for *.ice.ibmcloud.com are expiring on 22 June 2023. New certificates are planned to be deployed on 08 June 2023. See Product requirements.
- Changes to improve performance are coming for the grant
management API.
- When a request to retrieve grants has more than 1000 grants that match the search criteria, the "total" returned counts up only to 1000.
- Grant "attributes" are no longer be returned.
- Grant "lastUsed" are no longer be updated when the tokens are introspected or used on the "userinfo" endpoint. The "lastUsed" value is only updated when the refresh token that is associated with the grant is used to exchange for new tokens.
- Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
- Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding is not changed. Enhanced and easier-to-use replacements are already available. Visit Migrating from templates to themes.