Verify Access

The Verify Access track (formerly the IBM Security Access Manager and Cloud Identity track) at Virtual Master Skills University is fully revamped, with all-new presentations and hands-on virtual labs designed to bring experienced ISAM and Cloud Identity users up-to-speed with Verify Access. You'll learn about container architectures, Cloud deployments, and OpenShift; advanced authentication methods like FIDO2, QRCode Login, MMFA, and branching policies; risk-based access; API protection patterns; advanced troubleshooting tips; and more. Plus, you'll learn more about IBM Security Verify, the journey to Cloud, and IAG for on-prem apps and get hands-on with virtual labs.

Click roadmap title to expand/collapse roadmap

Master Skills University 2020 - Verify Access

The total time required to complete this roadmap is 35h 22m.

Welcome to Virtual Master Skills University 2020! This is IBM Security's very first virtual Master Skills event, and we're thrilled that you've chosen to spend part of your week with us. Each day, you'll experience advanced-level knowledge transfer from our top subject matter experts, get hands-on with self-paced virtual labs, and have opportunities to chat live with our experts. Here on Security Learning Academy, you'll find replays of the live Master Skills University sessions, all of the hands-on virtual Master Skills University labs, a virtual Escape Room game, additional relevant courses to help you continue your learning, and more.

To join the live sessions each day, use the “Attendee Catalog” link in your event confirmation and reminder emails. When they are available, recordings of the live sessions will become available here on Security Learning Academy. You cannot access the live sessions from Security Learning Academy.


Day 1: Monday, Sept 21, 2020


Day 2: Tuesday, Sept 22, 2020


Day 3: Wednesday, Sept 23, 2020


Day 4: Thursday, Sept 24, 2020 (Cloud Pak for Security)


Additional Learning


Configure context-based access (CBA) in Verify Access

IBM Security Verify Access (previously known as IBM Security Access Manager or ISAM) supports context-based access (CBA) control based on the dynamic risk assessment or confidence level of a transaction.

In this lab, you learn how to implement CBA based on a value of a certain a parameter in an HTTP POST request and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP). You generate the OTP by using a mobile App on your phone, for example, IBM Verify or Google Authenticator. This lab uses TOTP for step-up authentication but any other supported method can be used.

Configuring Authentication Service Framework, CBA and OAuth Authorization for REST API access

IBM Security Verify Access (previously known as IBM Security Access Manager or ISAM) provides Authentication Service Framework within the AAC module for policy-based strong and second factor authentication features and functions.

In this lab, you learn how to configure and use the /mga/sps/apiauthsvc endpoint for REST API access. First, configure the integration between the Reverse Proxy and the AAC runtime for context-based access (CBA) control, and OAuth Authorization. Then, create an access policy that detects high-value transactions based on a JSON parameter in the HTTP POST request and prompt the users for second-factor authentication (2FA). Users are required to provide a one-time password (OTP) sent to their email address. The users are allowed access after they provide a valid OTP. This lab uses MAC OTP mechanism for 2FA but other supported method can be used.