IBM® Verify, and custom mobile authenticator apps built with the IBM Verify Mobile SDK, support a registration process that binds an authenticator instance to a user.
To enable this registration, Security Verify tenant administrators must create and manage one or more registration profiles. The registration profile represents the configurable attributes for the runtime behavior of IBM Verify registration such as its maximum lifetime. Technically, the registration profile is a very specialized configuration of an OAuth client that supports the authorization code flow.
- Log in to the IBM® Security Verify administration console with an account having administrative entitlements.
This feature is available in a Security Verify subscription and in a combination of Security Verify and Security Verify Connect subscription.
|Subscription Plan||🔳 Security Verify Connect||✅ Security Verify Verify|
All IBM Verify mobile authenticators register with a SV tenant by using a registration profile. Minimally, the profile must have a name, and is automatically assigned a unique ID. It's also recommended to configure a "Service Name". This value is used by IBM Verify to display and identify the registration within a mobile authenticator app.
Since a registration profile is a specialized OAuth configuration, it's also possible to configure and manage aspects of the registration such as access token and refresh token lifetimes. Each registered instance of a mobile authenticator is embodied by an OAuth grant through the authorization code flow. A successful registration results in the mobile authenticator obtaining an access token and refresh token.
The mobile authenticator can use its access token to obtain authorized access to SV APIs that require the entitlement "verifyAuthenticator". This entitlement is automatically associated with the access token during the registration process.