Secure Applications Built on OpenShift with the IBM Security Verify Operator

This is a guest post written by Milan Patel, Product Manager, IBM Security Verify.

IBM Security Verify SaaS is a purpose-built Identity-as-a-Service (IDaaS) to help clients optimize how they protect applications from the cloud. This includes single sign-on, multifactor authentication, governance, and more from the cloud. As clients look to modernize applications through a hybrid cloud approach, a consistent and secure framework is required. This consists of advanced security policies, modern security protocols, and an on-ramp to leveraging these modern and advanced security from legacy identity approaches.

IBM Security Verify SaaS helps protect any user for any application across any cloud through an as-a-Service experience. As clients run multicloud deployments, Verify SaaS becomes the centralized platform to protect applications.

 Listen to Scott Exton introduce IBM Security Verify Operator

Bringing developer time to value to Red Hat OpenShift with IBM Security Verify

With Red Hat OpenShift, clients are enabled to use Red Hat SSO, a software enabled access management solution, to provide singlesign-on, multifactor authentication, and more to help protect the OpenShift platform and applications built on OpenShift.

To provide an additional deployment model value to OpenShift clients, we are announcing the start of how clients can benefit from building on the Red Hat OpenShift platform with IBM Security Verify. Security and identity are critical enablers of how modernization is experienced and are in most cases implied as part of application development; however, it is a very complex topic that consists of redefining and evaluating existing and new Identity and Access Management (IAM) stacks. As we see the inherent value for our clients to start their journey to cloud-built on OpenShift, the need to make our client journey simpler is critical, from a business and technology perspective.

This is why we are introducing two on-ramps for Red Hat OpenShift clients to experience the value from IBM Security Verify: 

• IBM Security Verify Operator
• IBM Security Verify SSO

 IBM Security Verify Operator

The IBM Security Verify Operator provides OpenShift admins and developers a streamlined way for protecting applications with IBM Security Verify. Admins and/or developers can configure their OpenShift environment to leverage IBM Security Verify SaaS so applications can be dynamically onboarded and protected through a single IDaaS experience. Developers do not have to worry about configuring all their applications one at a time with IBM Security Verify., Instead, they can automate the onboarding of applications using Dynamic Client Registration, based on the OpenID Connect Specification.

The Verify Operator is certified and available via the Red Hat OpenShift catalog. In conjunction with the NGINX operator, the Verify Operator can be used to streamline all resources through the NGINX ingress controller. When NGINX is used as the ingress controller, the Verify Operator can be leveraged using special annotations in the ingress definition to protect all services.

IBM Security Verify SaaS SSO

As part of simplifying the on-ramp of protecting applications built on OpenShift, we are also providing an IBM Security Verify SSO plan for clients/developers who do not have an existing Verify SaaS tenant to start protecting applications from the cloud. Clients modernizing with OpenShift will be able to use a "no user or application limit" deployment of IBM Security Verify SaaS tenant with single sign-on. IBM Security Verify SaaS also comes with a modernization framework that allows the preservation of legacy sign-on experiences while coexisting with modern sign-on experience, using the IBM Application Gateway.

IBM Security Verify SaaS for OpenShift clients also comes with the following capabilities:

• Scalable directory
• Integration with existing identity sources
• Social log-in
• Base analytics dashboards for authentication activity
• Application onboarding and self-service developer portal
• Data privacy and consent engine
• Hosted user registration and profile management capabilities
• Branding and customization of the tenant but also consumer experiences

As part of simplifying the developer experience, IBM Security Verify provides an easy way to export the credential information required by the Verify Operator so that it can communicate with IBM Security Verify SaaS.

As the need for more advanced capabilities are needed, administrators and developers can simply add more capability such as multifactor authentication, governance, advanced risk-based authentication, and advanced analytics with a simple subscription enabled.

See it in action

Get started now

To get started, install the IBM Security Verify Operator. You will be able to obtain your Verify SSO tenant or bring your existing tenant.

If you already have Red Hat SSO and want to extend how IBM Security Verify SaaS can provide additional capabilities, see the open source extensions available.

Get started right away with IBM Security Verify