What's new

Look here for the new features and other information that is specific to the current release of IBM® Security Verify.

Note: The new features might not be available in your location yet.

March 2024

Notifications
  • To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
  • Application grants v1.0 APIs /v1.0/appgrants are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.

February 2024

Notifications
  • To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
  • Application grants v1.0 APIs /v1.0/appgrants are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
  • New certificates for *.verify.IBM.com were deployed on 11 December 2023. The previous certificates expired on 09 January 2024. See Product requirements.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
  • Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life was 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.

January 2024

  • A new grant type , JWT bearer was added and two new configuration parameters were added under JWT settings. See Configuring single sign-on in the OpenID Connect application and Configuring single sign-on in the OpenID Connect for Open Banking applications.
  • IBM Security Verify now supports configuring Google Workspace as a device manager. See Adding a Google Workspace device manager.
  • You can generate and download .csv files for the following reports. This feature is available as part of a requestable public preview, CI-40542. To request this feature, contact your IBM Sales representative or IBM contact and indicate your interest in enabling this capability. If you have permission to create a support ticket, create a support ticket with the public preview number. Note: IBM Security Verify trial subscriptions cannot create support tickets.
    • Adaptive access
    • Application usage
    • Admin activity
    • Authentication activity
    • Campaign activity
    • Consumer usage analytics
    • Fulfillment activity
    • MFA activity
    • Password intelligence
    You can also export a .csv file for user activity reports.

    You can use the .csv reports to maintain data records beyond the 7-day retention period. See Download a .csv report.

  • Twitter was rebranded to X.
  • The requesting access to finer entitlements page has been improved. See Requesting access to finer entitlements.
  • IBM Security Verify now supports modifying request management pages. See Modify request management pages
  • IBM Security Verify now supports configuring a custom device name for OpenID Connect or OpenID Connect for Open Banking. See Configuring a custom device name.
  • Updates were made to IBM Security Verify themes. See Modify user flow pages.
  • Updated list of supported application templates. Added support for the following applications:
    • None
    See Supported connectors for applications.
Notifications
  • To improve security, the state and nonce query parameters in the OpenID Connect authorization request must be at least 8 characters long. This change becomes effective 30 June 2024. Ensure that your applications are updated.
  • Application grants v1.0 APIs /v1.0/appgrants are deprecated. The end of life is 30 June 2024. See Deprecated APIs. The new APIs require the application ID to be specified and either "Manage OIDC and OAuth application grants" or "Read OIDC and OAuth application grants" API entitlements.
  • The Subscription Usage Dashboard is currently still in preview mode. Some inaccuracies were discovered in the usage statistics. The levels of consumption for your subscriptions might be incorrectly displayed in the dashboard. The issue is being worked on.
    Note: The inaccuracies in the data that is displayed do not affect your billing in any way.
  • New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
  • Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.

December 2023

Notifications
  • New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
  • Changes to OpenID Connect token introspection and userinfo response came in October. After the changes,
    • In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
    • In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
    • In the user_info response, the ext claim is no longer returned by default.
    • For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
  • IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
  • Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.

November 2023

Notifications
  • New certificates for *.verify.IBM.com are being deployed on 11 December 2023. The current certificates expire on 09 January 2024. See Product requirements.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
  • Changes to OpenID Connect token introspection and userinfo response came in October. After the changes,
    • In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
    • In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
    • In the user_info response, the ext claim is no longer returned by default.
    • For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
  • IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
  • Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.

October 2023

  • IBM Security Verify now supports flow designer. With flow designer, you can construct a defined flow by using low code or no code experiences to achieve your workflow. For example, you can orchestrate
    The user journey
    Login, registration, and more.
    Security
    Risk assessment, passkey enrollment and enforcement, and more.
    Identity modernization
    User migration, protecting legacy applications, and more.
    For more information see, Managing flow designer.
  • Dropoff events were added to reports event types and payloads. See Dropoff events payload.
  • Time-based one-time passwords now supports multiple enrollments. See Configuring authentication factors.
  • Updated list of supported application templates. Added support for the following applications:
    • IBM Security Verify
    • Rapid7
    See Supported connectors for applications.
Notifications
  • In the IBM Security Verify Administrator launchpad, templates in the compressed theme file templates/notifications/access_application_request are deprecated and will be removed after June 2024. See Modify request management pages.
  • The mtlsidaas global tenants for device managers are now deprecated and will be removed after March 2024. Go to Obtaining a vanity hostname to request a vanity domain. For more information, see Adding a device manager.
  • The RSA-v1.5 Encryption key transport algorithm will not be supported after March 2024. See the Encryption options table in Configuring SAML single sign-on in the identity provider.
  • Changes to OpenID Connect token introspection and userinfo response are coming in October. After the changes,
    • In the token introspection response, the ext, category, restrictEntitlements, entitlements, and groupUids claims are no longer returned by default.
    • In the token introspection response, token_type now always returns "bearer" for any token that can be introspected.
    • In the user_info response, the ext claim is no longer returned by default.
    • For both token introspection and userinfo, the audience ("aud") value is always returned as a list even when only 1 value exists.
  • IBM Security Verify Analytics Bridge is no longer supported. The documentation was removed.
  • The certificates for *.ice.ibmcloud.com are expiring on 22 June 2023. New certificates are planned to be deployed on 08 June 2023. See Product requirements.
  • Changes to improve performance are coming for the grant management API.
    • When a request to retrieve grants has more than 1000 grants that match the search criteria, the "total" returned counts up only to 1000.
    • Grant "attributes" are no longer be returned.
    • Grant "lastUsed" are no longer be updated when the tokens are introspected or used on the "userinfo" endpoint. The "lastUsed" value is only updated when the refresh token that is associated with the grant is used to exchange for new tokens.
  • Access policy management v3.0 APIs /v3.0/policyvault/accesspolicy are deprecated. The end of life is 23 December 2023. See Deprecated APIs. The new APIs are at https://docs.verify.ibm.com/verify/reference/listaccesspolicyrevisions.
  • Some v1.0 APIs that are related to branding for uploading and downloading templates are now deprecated and will be removed after June 2023. Your branding is not changed. Enhanced and easier-to-use replacements are already available. Visit Migrating from templates to themes.