The IBM Security Verify operator can consistently enforce policy-driven security by using the Ingress networking capability of OpenShift in conjunction with the Nginx Ingress operator and IBM Security Verify SaaS. With this approach, you can enforce authentication and authorization policies for all of the applications in your cluster at the same time, without ever changing your application code. You can also dynamically register your application to start protecting them centrally from the cloud via Verify SaaS.
- Simplify application development with "shift left" security
- Developers can simplify protecting applications and easily add single-sign-on with Verify SaaS. No need to deploy or manage an IAM stack - simply provision a Verify SaaS tenant and perform single-sign-on as a service using standards like SAML, OIDC, or OAuth. Even protect legacy, non-standard applications (header, cookie, LTPA).
- Scalable cloud directory with identity source integration
- Centralized storage and management of users and groups through a scalable cloud directory. Verify SaaS allows you to support hundreds of user attributes within the Verify SaaS cloud directory while also having user and group management capabilities for password policies, password reset, and forgot password flows. Verify SaaS also allows you to connect to an existing user registry, such as LDAP or Activity Directory, even if stored on-prem without having to migrate users while also allowing for federation through SAML, OIDC, and social identity providers/sources.
Verify SaaS's directory service can help you store users/groups in the cloud, keep them on-prem, or migrate users as needed to the cloud based on business requirements.
- Analytics and reports
- Verify SaaS provides out of the box analytics to quantify and understand how users are authenticating into applications. There are also an admin reports that display and log all the admin activities associated with the Verify SaaS tenant to ensure an organization remains compliant.
- Consumer (Citizen and Classroom) IAM capabilities
- Verify SaaS offers out of the box hosted registration, profile management, and full featured branded experience for all user interactions (including registration pages, profile management pages, SMS/Email/Voice OTP, FIDO2 use, TOTP use, inline MFA enrollment, error messaging, and more) that an individual may experience to ensure a secure yet frictionless experience. Verify SaaS allows for user flows to create onboarding experiences that are completely brandable for creating a trusted experience. Verify SaaS also allows for the creation of profile management experiences so individuals can mange their profile, including multi-factor authentication enrollments, profile details, and data privacy consents and agreements.
- Data privacy and consent management engine
- Developers can remove the guess work of having to know and apply the proper data privacy and consent rules. Instead, developers can focus on core application development and return consent enforcement through APIs with rules defined by Data Privacy Officers. As rules and End User License Agreement Versions are updated by the Data Privacy Officers, they automatically get reflected in the application without the developer having to intervene.