### IBM Verify Identity Access Hardware Appliance Quick Start Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This markdown snippet provides a step-by-step guide for the initial setup and configuration of the IBM Verify Identity Access hardware appliance. It covers physical installation, network configuration, credential setup, and accessing the web console. ```markdown # Hardware Appliance Quick Start 1. Unpack and physically install the IBM Verify Identity Access appliance 2. Connect power and network cables according to specifications 3. Access the initial configuration console via serial or KVM connection 4. Configure network settings: - IP address: 192.168.1.100 - Subnet mask: 255.255.255.0 - Default gateway: 192.168.1.1 - DNS servers: 8.8.8.8, 8.8.4.4 5. Set administrative credentials (minimum 12 characters, mixed case, numbers, symbols) 6. Complete initial security hardening and licensing activation 7. Access web console at https://192.168.1.100:9443 ``` -------------------------------- ### IBM Verify Identity Access Virtual Appliance Deployment Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This markdown snippet details the process for deploying the IBM Verify Identity Access virtual appliance using different hypervisor technologies. It includes example commands for VMware ESXi and KVM deployments, followed by common post-deployment steps. ```markdown # Virtual Appliance Quick Start 1. Download the OVA/QCOW2 image from IBM Passport Advantage 2. Deploy to your hypervisor (VMware ESXi, KVM, or Hyper-V): # VMware ESXi deployment esxcli software vib install -v /path/to/ibm-verify-11.0.1.ova # KVM deployment virt-install --name ibm-verify \ --memory 8192 \ --vcpus 4 \ --disk /var/lib/libvirt/images/ibm-verify-11.0.1.qcow2 \ --import \ --network bridge=br0 \ --graphics vnc 3. Start the virtual appliance and access console 4. Follow steps 4-7 from Hardware Appliance Quick Start ``` -------------------------------- ### REST API Development Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Provides Node.js examples for custom authentication and authorization integrations with IBM Verify Identity Access APIs. ```APIDOC ## REST API Development ### Description Building custom integrations with IBM Verify Identity Access APIs using Node.js. This section includes examples for user authentication and authorization checks. ### Method POST ### Endpoint - **Token Endpoint:** `/api/v1/oauth/token` - **Authentication Validation:** `/api/v1/authentication/validate` - **Authorization Check:** `/api/v1/authorization/check` ### Parameters #### Request Body (Authentication Validation) - **username** (string) - Required - The username to validate. - **password** (string) - Required - The password for authentication. - **authenticationMethod** (string) - Required - The authentication method (e.g., "local"). #### Request Body (Authorization Check) - **userId** (string) - Required - The identifier of the user. - **resource** (string) - Required - The resource being accessed. - **action** (string) - Required - The action being performed on the resource. ### Request Example (Node.js Class) ```javascript // Node.js example for custom authentication integration const axios = require('axios'); class IBMVerifyClient { constructor(baseURL, clientId, clientSecret) { this.baseURL = baseURL; this.clientId = clientId; this.clientSecret = clientSecret; this.accessToken = null; } async authenticate() { try { const response = await axios.post( `${this.baseURL}/api/v1/oauth/token`, { grant_type: 'client_credentials', client_id: this.clientId, client_secret: this.clientSecret } ); this.accessToken = response.data.access_token; return this.accessToken; } catch (error) { throw new Error(`Authentication failed: ${error.message}`); } } async validateUserCredentials(username, password) { if (!this.accessToken) { await this.authenticate(); } try { const response = await axios.post( `${this.baseURL}/api/v1/authentication/validate`, { username: username, password: password, authenticationMethod: 'local' }, { headers: { 'Authorization': `Bearer ${this.accessToken}`, 'Content-Type': 'application/json' } } ); return { valid: response.data.authenticated, userId: response.data.userId, groups: response.data.groups, attributes: response.data.attributes }; } catch (error) { return { valid: false, error: error.response?.data?.message || error.message }; } } async checkAuthorization(userId, resource, action) { try { const response = await axios.post( `${this.baseURL}/api/v1/authorization/check`, { userId: userId, resource: resource, action: action }, { headers: { 'Authorization': `Bearer ${this.accessToken}`, 'Content-Type': 'application/json' } } ); return { authorized: response.data.permitted, reason: response.data.reason, appliedPolicies: response.data.policies }; } catch (error) { throw new Error(`Authorization check failed: ${error.message}`); } } } // Usage example async function main() { const client = new IBMVerifyClient( 'https://verify.company.com:9443', 'app-client-id', 'app-client-secret' ); // Authenticate user const authResult = await client.validateUserCredentials('jsmith', 'userPassword123'); console.log('Authentication result:', authResult); // Output: { valid: true, userId: 'uid=jsmith,dc=company,dc=com', // groups: ['employees', 'developers'], attributes: {...} } // Check authorization if (authResult.valid) { const authzResult = await client.checkAuthorization( authResult.userId, '/api/sensitive-data', 'read' ); console.log('Authorization result:', authzResult); // Output: { authorized: true, reason: 'policy_match', // appliedPolicies: ['Corporate Data Access Policy'] } } } main().catch(console.error); ``` ### Response #### Success Response (200) - **Authentication Validation:** - **authenticated** (boolean) - Indicates if the credentials are valid. - **userId** (string) - The unique identifier of the user. - **groups** (array of strings) - The groups the user belongs to. - **attributes** (object) - User attributes. - **Authorization Check:** - **permitted** (boolean) - Indicates if the user is authorized. - **reason** (string) - The reason for the authorization decision. - **policies** (array of strings) - The policies applied to the decision. #### Response Example (Authentication Validation) ```json { "authenticated": true, "userId": "uid=jsmith,dc=company,dc=com", "groups": ["employees", "developers"], "attributes": {} } ``` #### Response Example (Authorization Check) ```json { "permitted": true, "reason": "policy_match", "policies": ["Corporate Data Access Policy"] } ``` ``` -------------------------------- ### Develop and Evaluate Custom Policies with Python Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This Python example shows how to interact with the IBM Verify API to create and evaluate custom authorization policies. It uses the 'requests' library to send POST requests to policy endpoints. The code defines a PolicyEngine class with methods for policy creation and evaluation, handling user context and resource details. It requires the 'requests' and 'json' libraries. ```python import requests import json from datetime import datetime class PolicyEngine: def __init__(self, verify_url, api_token): self.verify_url = verify_url self.headers = { 'Authorization': f'Bearer {api_token}', 'Content-Type': 'application/json' } def create_custom_policy(self, policy_definition): """Create a custom authorization policy""" endpoint = f'{self.verify_url}/api/v1/policies/custom' policy = { 'name': policy_definition['name'], 'description': policy_definition['description'], 'priority': policy_definition.get('priority', 100), 'conditions': policy_definition['conditions'], 'actions': policy_definition['actions'], 'enabled': True } response = requests.post(endpoint, headers=self.headers, json=policy) response.raise_for_status() return response.json() def evaluate_policy(self, user_context, resource): """Evaluate policies against user context""" endpoint = f'{self.verify_url}/api/v1/policies/evaluate' evaluation_request = { 'userId': user_context['userId'], 'userGroups': user_context.get('groups', []), 'userAttributes': user_context.get('attributes', {}), 'resource': resource['path'], 'resourceType': resource['type'], 'action': resource['action'], 'environment': { 'ipAddress': user_context.get('ipAddress'), 'timestamp': datetime.utcnow().isoformat(), 'deviceTrust': user_context.get('deviceTrust', 'unknown') } } response = requests.post(endpoint, headers=self.headers, json=evaluation_request) response.raise_for_status() return response.json() # Usage example engine = PolicyEngine('https://verify.company.com:9443', 'your-api-token') # Define a time-based access policy policy_definition = { 'name': 'Business Hours Access Policy', 'description': 'Restrict access to sensitive resources during business hours only', 'priority': 50, 'conditions': [ { 'type': 'time', 'operator': 'between', 'value': {'start': '08:00', 'end': '18:00', 'timezone': 'America/New_York'} }, { 'type': 'group', 'operator': 'in', 'value': ['employees', 'contractors'] }, { 'type': 'ip', 'operator': 'in_range', 'value': ['10.0.0.0/8', '172.16.0.0/12'] } ], 'actions': [ {'permit': ['read']}, {'deny': ['write', 'delete']} ] } # Create the policy result = engine.create_custom_policy(policy_definition) print(f"Policy created: {result['policyId']}") # Evaluate policy for a user user_context = { 'userId': 'jsmith', 'groups': ['employees', 'developers'], 'attributes': {'department': 'Engineering', 'clearance': 'confidential'}, 'ipAddress': '10.50.1.100', 'deviceTrust': 'managed' } resource = { 'path': '/api/financial-records', 'type': 'api', 'action': 'read' } evaluation = engine.evaluate_policy(user_context, resource) print(f"Access decision: {evaluation['decision']}") print(f"Applied policies: {evaluation['appliedPolicies']}") print(f"Reason: {evaluation['reason']}") ``` -------------------------------- ### Check System Logs for Errors using cURL and jq Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet shows how to retrieve system error logs from IBM Verify using cURL and filter the output with jq. It performs a GET request to the logs endpoint, specifying error level and a time range. The jq command then formats the output to show timestamp, component, and message for each log entry. Requires 'jq' to be installed. ```shell curl -X GET "https://verify.company.com:9443/api/v1/logs?level=error&hours=24" \ -H "Authorization: Bearer ${ADMIN_TOKEN}" | jq '.entries[] | {timestamp, component, message}' ``` -------------------------------- ### Custom Policy Development API Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Provides endpoints for creating and evaluating custom authorization policies using a Python SDK example. ```APIDOC ## Custom Policy Development ### Description This section details the process of creating and deploying custom authorization policies. It includes examples for policy creation and evaluation using a Python client. ### API Endpoints #### POST /api/v1/policies/custom ##### Description Creates a new custom authorization policy. ##### Method POST ##### Endpoint `https://verify.company.com:9443/api/v1/policies/custom` ##### Parameters ###### Request Body - **name** (string) - Required - The name of the policy. - **description** (string) - Required - A description of the policy. - **priority** (integer) - Optional - The priority of the policy (default: 100). - **conditions** (array) - Required - A list of conditions for the policy. - **type** (string) - Required - The type of condition (e.g., 'time', 'group', 'ip'). - **operator** (string) - Required - The operator for the condition (e.g., 'between', 'in', 'in_range'). - **value** (object/array) - Required - The value(s) to check against. - **actions** (array) - Required - A list of actions the policy allows or denies. - **permit** (array of strings) - Actions to permit. - **deny** (array of strings) - Actions to deny. - **enabled** (boolean) - Required - Whether the policy is enabled. ##### Request Example (Python SDK) ```python policy_definition = { 'name': 'Business Hours Access Policy', 'description': 'Restrict access to sensitive resources during business hours only', 'priority': 50, 'conditions': [ {'type': 'time', 'operator': 'between', 'value': {'start': '08:00', 'end': '18:00', 'timezone': 'America/New_York'}}, {'type': 'group', 'operator': 'in', 'value': ['employees', 'contractors']}, {'type': 'ip', 'operator': 'in_range', 'value': ['10.0.0.0/8', '172.16.0.0/12']} ], 'actions': [ {'permit': ['read']}, {'deny': ['write', 'delete']} ], 'enabled': True } engine.create_custom_policy(policy_definition) ``` #### POST /api/v1/policies/evaluate ##### Description Evaluates existing policies against a given user context and resource. ##### Method POST ##### Endpoint `https://verify.company.com:9443/api/v1/policies/evaluate` ##### Parameters ###### Request Body - **userId** (string) - Required - The user's ID. - **userGroups** (array of strings) - Optional - Groups the user belongs to. - **userAttributes** (object) - Optional - Attributes of the user. - **resource** (object) - Required - The resource being accessed. - **path** (string) - Required - The path of the resource. - **type** (string) - Required - The type of the resource (e.g., 'api'). - **action** (string) - Required - The action being performed on the resource. - **environment** (object) - Optional - Environmental context for evaluation. - **ipAddress** (string) - The IP address of the client. - **timestamp** (string) - The current timestamp (ISO 8601 format). - **deviceTrust** (string) - The trust level of the device. ##### Request Example (Python SDK) ```python user_context = { 'userId': 'jsmith', 'groups': ['employees', 'developers'], 'attributes': {'department': 'Engineering', 'clearance': 'confidential'}, 'ipAddress': '10.50.1.100', 'deviceTrust': 'managed' } resource = { 'path': '/api/financial-records', 'type': 'api', 'action': 'read' } engine.evaluate_policy(user_context, resource) ``` ### Response #### Success Response (200) - **decision** (string) - The access decision ('permit' or 'deny'). - **appliedPolicies** (array of strings) - Names of policies that were applied. - **reason** (string) - Explanation for the decision. ``` -------------------------------- ### GET /api/v1/logs - Log Retrieval Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Retrieves system logs, allowing filtering by error level and time range. Useful for troubleshooting. ```APIDOC ## GET /api/v1/logs ### Description Retrieves system logs, enabling filtering by log level (e.g., 'error') and the preceding time window (in hours). This endpoint is crucial for diagnosing system issues. ### Method GET ### Endpoint https://verify.company.com:9443/api/v1/logs ### Parameters #### Query Parameters - **level** (string) - Required - The minimum log level to retrieve (e.g., 'error', 'warn', 'info'). - **hours** (integer) - Required - The number of past hours to retrieve logs from. ### Request Example ```bash curl -X GET "https://verify.company.com:9443/api/v1/logs?level=error&hours=24" \ -H "Authorization: Bearer ${ADMIN_TOKEN}" | jq '.entries[] | {timestamp, component, message}' ``` ### Response #### Success Response (200) - **entries** (array) - A list of log entries. - **timestamp** (string) - The timestamp of the log entry. - **component** (string) - The component that generated the log. - **message** (string) - The log message. #### Response Example ```json { "entries": [ { "timestamp": "2025-10-14T12:45:30Z", "component": "webseald", "message": "Junction timeout connecting to backend server intranet-backend.company.com:8080" } ] } ``` ``` -------------------------------- ### Get System Health Status Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Retrieves the current health status of the IBM Verify system components. This includes uptime, CPU and memory usage, disk space, and the status of running services. Requires administrative access. ```bash curl -X GET https://verify.company.com:9443/api/v1/system/health \ -H "Authorization: Bearer ${ADMIN_TOKEN}" | jq '.' ``` -------------------------------- ### Navigating IBM Verify Identity Access Repository Structure Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet outlines the directory structure of the IBM Verify Identity Access documentation repository and demonstrates basic navigation and search commands using the command line. It shows how to view the main documentation file and search for specific topics. ```bash # Repository root structure /app/repos/websites/ibm_en_sva_11_0_1/ ├── README.md # Repository metadata ├── docs/ # Documentation content │ └── en/ # English language docs │ └── sva/ # Security Verify Access │ └── 11.md # Version 11.x documentation └── .git/ # Git version control # Navigating the documentation cd /app/repos/websites/ibm_en_sva_11_0_1 cat docs/en/sva/11.md # View main documentation # Search for specific topics grep -i "authentication" docs/en/sva/11.md grep -i "configuration" docs/en/sva/11.md grep -i "API" docs/en/sva/11.md # Expected structure for accessing specific sections: # The markdown file contains navigation elements for: # - Table of contents filtering # - Version selection dropdowns # - Dark mode toggle # - Full table of contents expansion ``` -------------------------------- ### Accessing IBM Verify Identity Access Documentation Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet shows how to access the main documentation file for IBM Verify Identity Access v11.0.1 and lists the key sections available within the documentation. It also displays the available version navigation options. ```markdown # Accessing the documentation 1. Navigate to the main documentation file: /app/repos/websites/ibm_en_sva_11_0_1/docs/en/sva/11.md 2. The documentation includes these main sections: - Welcome - Accessibility features for Verify Identity Access - Hardware Appliance Quick Start Guide - Virtual Appliance Quick Start Guide - Critical changes in this release - Product overview - Configuring - Administering - Auditing - Troubleshooting - Error messages - Reference - Developing - IBM Verify application - Download individual PDF guides - Product legal notices 3. Version navigation: Available versions: 11.0.1, 11.0.0, 10.0.9, 10.0.8, 10.0.7, 10.0.6, 10.0.5, 10.0.4, 10.0.3, 10.0.2, 10.0.1, 10.0.0, 9.0.7 ``` -------------------------------- ### Backup and Restore Operations Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Initiates system backup operations with specified configurations. ```APIDOC ## POST /api/v1/backup ### Description Initiates system backup operations, allowing configuration of backup type, destination, encryption, and schedule. ### Method POST ### Endpoint https://verify.company.com:9443/api/v1/backup ### Parameters #### Request Body - **type** (string) - Required - The type of backup (e.g., 'full', 'incremental'). - **destination** (string) - Required - The destination URI for the backup (e.g., 'sftp://backup.company.com/ibm-verify/'). - **encryption** (boolean) - Optional - Whether to encrypt the backup. - **schedule** (string) - Optional - The cron schedule for automated backups (e.g., '0 2 * * *'). ### Request Example ```json { "type": "full", "destination": "sftp://backup.company.com/ibm-verify/", "encryption": true, "schedule": "0 2 * * *" } ``` ### Response #### Success Response (200) - **status** (string) - The status of the backup operation initiation. #### Response Example ```json { "status": "success" } ``` ``` -------------------------------- ### Create New User Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Adds a new user to the IBM Verify system. This includes setting username, name, email, group memberships, password policies, and MFA status. Requires administrative privileges and a valid admin token. ```bash curl -X POST https://verify.company.com:9443/api/v1/users \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "username": "jsmith", "firstName": "John", "lastName": "Smith", "email": "john.smith@company.com", "groups": ["employees", "developers"], "password": "TempPassword123!", "passwordChangeRequired": true, "mfaEnabled": true }' ``` -------------------------------- ### Configure Access Policies Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Sets up access policies to control user access to resources based on groups, methods, and conditions like IP range and time window. This API call requires an administrative token and defines access rules for specific resources. ```bash curl -X POST https://verify.company.com:9443/api/v1/policies \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "name": "Corporate Web Access", "description": "Standard employee access to web applications", "rules": [ { "resource": "/webapp/*", "methods": ["GET", "POST"], "groups": ["employees", "contractors"], "conditions": { "ipRange": "10.0.0.0/8", "timeWindow": "08:00-18:00" } } ] }' ``` -------------------------------- ### Performance monitoring Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Retrieve performance metrics for the IBM Verify Identity Access platform. This API provides insights into system load and response times. ```APIDOC ## GET /api/v1/metrics ### Description Retrieve performance metrics for the IBM Verify Identity Access platform. This API provides insights into system load and response times. ### Method GET ### Endpoint https://verify.company.com:9443/api/v1/metrics ### Parameters No parameters are required for this endpoint. ### Response #### Success Response (200) - **http.requestsPerSecond** (number) - The number of HTTP requests per second. - **http.avgResponseTime** (number) - The average response time in milliseconds. - **sessions.active** (number) - The number of currently active user sessions. - **cache.hitRate** (number) - The cache hit rate as a decimal. ### Response Example ```json { "requests_per_second": 1250, "avg_response_time": 45, "active_sessions": 3420, "cache_hit_rate": 0.87 } ``` ``` -------------------------------- ### Import Server Certificate Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Imports a server certificate and its private key into the IBM Verify system. This is crucial for establishing secure HTTPS connections. It requires specifying the certificate and key file paths, keystore, and a label for the certificate. ```bash curl -X POST https://verify.company.com:9443/api/v1/certificates/import \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -F "certificate=@/path/to/server-cert.pem" \ -F "privateKey=@/path/to/server-key.pem" \ -F "keystore=server" \ -F "label=www-server-cert" ``` -------------------------------- ### Configure Backup Operation Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Schedules a backup operation for the IBM Verify system. This command allows configuration of backup type (full/incremental), destination, encryption, and schedule. Requires administrative privileges. ```bash curl -X POST https://verify.company.com:9443/api/v1/backup \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "type": "full", "destination": "sftp://backup.company.com/ibm-verify/", "encryption": true, "schedule": "0 2 * * *" }' ``` -------------------------------- ### Configure Access Policies Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Configures access policies to define rules for resource access based on various conditions. ```APIDOC ## POST /api/v1/policies ### Description Configures access policies to define rules for resource access based on various conditions. ### Method POST ### Endpoint https://verify.company.com:9443/api/v1/policies ### Parameters #### Request Body - **name** (string) - Required - The name of the access policy. - **description** (string) - Optional - A description for the policy. - **rules** (array of objects) - Required - A list of access rules. - **resource** (string) - Required - The resource path to protect. - **methods** (array of strings) - Required - Allowed HTTP methods for the resource. - **groups** (array of strings) - Required - Groups authorized to access the resource. - **conditions** (object) - Optional - Conditions for the rule. - **ipRange** (string) - Required if conditions are present - The IP address range allowed. - **timeWindow** (string) - Required if conditions are present - The time window for access. ### Request Example ```json { "name": "Corporate Web Access", "description": "Standard employee access to web applications", "rules": [ { "resource": "/webapp/*", "methods": ["GET", "POST"], "groups": ["employees", "contractors"], "conditions": { "ipRange": "10.0.0.0/8", "timeWindow": "08:00-18:00" } } ] } ``` ### Response #### Success Response (200) - **status** (string) - The status of the operation. #### Response Example ```json { "status": "success" } ``` ``` -------------------------------- ### Configure Reverse Proxy Junction Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Creates a reverse proxy junction for secure access to backend applications. This involves specifying the junction name, backend server details, junction type, and other connection properties. Requires administrative privileges. ```bash curl -X POST https://verify.company.com:9443/api/v1/junctions \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "name": "/intranet", "serverHostname": "intranet-backend.company.com", "serverPort": 8080, "junctionType": "ssl", "basicAuthMode": "supply", "stateful": true, "preserveHost": true }' ``` -------------------------------- ### Configure Authentication Mechanism Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Configures authentication mechanisms such as LDAP for user verification. ```APIDOC ## POST /api/v1/authentication ### Description Configures authentication mechanisms, such as LDAP, for user verification. ### Method POST ### Endpoint https://verify.company.com:9443/api/v1/authentication ### Parameters #### Request Body - **mechanism** (string) - Required - The type of authentication mechanism (e.g., 'ldap'). - **server** (string) - Required - The server address for the authentication mechanism. - **baseDN** (string) - Required - The base distinguished name for LDAP searches. - **bindDN** (string) - Required - The bind distinguished name for authenticating to the LDAP server. - **bindPassword** (string) - Required - The password for the bind distinguished name. - **userFilter** (string) - Required - The filter to use for searching users. - **attributes** (array of strings) - Required - The attributes to retrieve for users. ### Request Example ```json { "mechanism": "ldap", "server": "ldap://directory.company.com:389", "baseDN": "dc=company,dc=com", "bindDN": "cn=admin,dc=company,dc=com", "bindPassword": "securePassword123", "userFilter": "(uid=%v)", "attributes": ["uid", "cn", "mail", "memberOf"] } ``` ### Response #### Success Response (200) - **status** (string) - The status of the operation. #### Response Example ```json { "status": "success" } ``` ``` -------------------------------- ### POST /api/v1/mobile/enroll Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Generates enrollment data, such as a QR code, for users to register with the IBM Verify mobile application. ```APIDOC ## POST /api/v1/mobile/enroll ### Description Initiates the enrollment process for a user with the IBM Verify mobile application, typically by generating a QR code for the user to scan. ### Method POST ### Endpoint `https://verify.company.com:9443/api/v1/mobile/enroll` ### Parameters #### Request Body - **userId** (string) - Required - The unique identifier of the user to enroll. - **enrollmentMethod** (string) - Required - The method for enrollment (e.g., "qrcode"). - **deviceName** (string) - Optional - The name of the device for which enrollment is being generated. ### Request Example ```json { "userId": "jsmith", "enrollmentMethod": "qrcode", "deviceName": "iPhone 14 Pro" } ``` ### Response #### Success Response (200) - **enrollmentId** (string) - The unique identifier for this enrollment session. - **qrCodeData** (string) - The data required to generate a QR code for enrollment (if applicable). #### Response Example ```json { "enrollmentId": "enr-abc123", "qrCodeData": "otpauth://totp/IBMVerify:jsmith?secret=JBSWY3DPEHPK3PXP&issuer=IBMVerify" } ``` ``` -------------------------------- ### Generate Compliance Reports using cURL Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet demonstrates how to generate compliance reports, such as access reviews, using the IBM Verify API via a cURL command. It specifies the report type, period, format, and filters for users and resources. Ensure you have a valid ADMIN_TOKEN for authentication. ```shell curl -X POST https://verify.company.com:9443/api/v1/audit/reports \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "reportType": "access_review", "period": "2025-Q3", "format": "pdf", "includeDetails": true, "filters": { "users": ["executives", "privileged_users"], "resources": ["/sensitive/*", "/admin/*"] } }' ``` -------------------------------- ### Monitor Performance Metrics (REST API) Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet illustrates how to retrieve performance metrics from IBM Verify Identity Access. It fetches data on requests per second, average response time, active sessions, and cache hit rate, then formats the output using 'jq'. ```bash curl -X GET https://verify.company.com:9443/api/v1/metrics \ -H "Authorization: Bearer ${ADMIN_TOKEN}" | jq '{ requests_per_second: .http.requestsPerSecond, avg_response_time: .http.avgResponseTime, active_sessions: .sessions.active, cache_hit_rate: .cache.hitRate }' ``` -------------------------------- ### Configure Reverse Proxy Junction Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Configures a reverse proxy junction to route traffic to backend applications. ```APIDOC ## POST /api/v1/junctions ### Description Configures a reverse proxy junction to route traffic to backend applications. ### Method POST ### Endpoint https://verify.company.com:9443/api/v1/junctions ### Parameters #### Request Body - **name** (string) - Required - The name of the junction (e.g., '/intranet'). - **serverHostname** (string) - Required - The hostname of the backend server. - **serverPort** (integer) - Required - The port of the backend server. - **junctionType** (string) - Required - The type of junction (e.g., 'ssl'). - **basicAuthMode** (string) - Optional - Basic authentication mode. - **stateful** (boolean) - Optional - Whether the junction is stateful. - **preserveHost** (boolean) - Optional - Whether to preserve the original Host header. ### Request Example ```json { "name": "/intranet", "serverHostname": "intranet-backend.company.com", "serverPort": 8080, "junctionType": "ssl", "basicAuthMode": "supply", "stateful": true, "preserveHost": true } ``` ### Response #### Success Response (200) - **status** (string) - The status of the operation. - **junctionId** (string) - The ID of the created junction. - **url** (string) - The URL of the junction. #### Response Example ```json { "status": "success", "junctionId": "jct-12345", "url": "https://verify.company.com/intranet" } ``` ``` -------------------------------- ### POST /api/v1/mobile/config Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Configures settings for the IBM Verify mobile application, including push notifications and biometric authentication. ```APIDOC ## POST /api/v1/mobile/config ### Description Configures the IBM Verify mobile application, enabling features like push notifications, biometric authentication, and TOTP. ### Method POST ### Endpoint `https://verify.company.com:9443/api/v1/mobile/config` ### Parameters #### Request Body - **enabled** (boolean) - Required - Whether mobile app features are enabled. - **registrationRequired** (boolean) - Required - Whether user registration is mandatory. - **qrCodeGeneration** (boolean) - Required - Whether QR code generation is enabled for enrollment. - **pushNotifications** (object) - Optional - Configuration for push notifications. - **enabled** (boolean) - Required - Whether push notifications are enabled. - **provider** (string) - Required - The push notification provider (e.g., "firebase"). - **apiKey** (string) - Required - API key for the push notification provider. - **senderId** (string) - Required - Sender ID for the push notification provider. - **biometricAuth** (object) - Optional - Configuration for biometric authentication. - **enabled** (boolean) - Required - Whether biometric authentication is enabled. - **fallbackToPIN** (boolean) - Required - Whether to fall back to PIN if biometrics fail. - **minPINLength** (integer) - Required - The minimum length for the fallback PIN. - **totpSettings** (object) - Optional - Configuration for Time-based One-Time Password (TOTP). - **algorithm** (string) - Required - The TOTP algorithm (e.g., "SHA256"). - **digits** (integer) - Required - The number of digits in the TOTP code. - **period** (integer) - Required - The time period (in seconds) for TOTP code validity. ### Request Example ```json { "enabled": true, "registrationRequired": true, "qrCodeGeneration": true, "pushNotifications": { "enabled": true, "provider": "firebase", "apiKey": "AIzaSyC...", "senderId": "1234567890" }, "biometricAuth": { "enabled": true, "fallbackToPIN": true, "minPINLength": 6 }, "totpSettings": { "algorithm": "SHA256", "digits": 6, "period": 30 } } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message indicating successful configuration. #### Response Example ```json { "message": "Mobile configuration updated successfully." } ``` ``` -------------------------------- ### System Health Monitoring Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Retrieves the current health status and performance metrics of the system. ```APIDOC ## GET /api/v1/system/health ### Description Retrieves the current health status and performance metrics of the system, including CPU, memory, and disk usage. ### Method GET ### Endpoint https://verify.company.com:9443/api/v1/system/health ### Parameters No specific parameters required for this endpoint. ### Response #### Success Response (200) - **status** (string) - The overall health status of the system (e.g., 'healthy'). - **uptime** (string) - The system's uptime. - **cpu** (number) - The current CPU utilization percentage. - **memory** (object) - Memory usage details. - **total** (integer) - Total system memory in MB. - **used** (integer) - Used system memory in MB. - **free** (integer) - Free system memory in MB. - **disk** (object) - Disk usage details. - **total** (integer) - Total disk space in GB. - **used** (integer) - Used disk space in GB. - **free** (integer) - Free disk space in GB. - **services** (object) - Status of critical system services. - **[service_name]** (string) - Status of the service (e.g., 'running', 'stopped'). #### Response Example ```json { "status": "healthy", "uptime": "15d 4h 32m", "cpu": 23.5, "memory": { "total": 8192, "used": 4096, "free": 4096 }, "disk": { "total": 500, "used": 120, "free": 380 }, "services": { "webseald": "running", "pdmgrd": "running", "ldap": "running" } } ``` ``` -------------------------------- ### Certificate Management Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Imports and manages SSL/TLS certificates for secure communication. ```APIDOC ## POST /api/v1/certificates/import ### Description Imports SSL/TLS certificates and their corresponding private keys into the system's keystore. ### Method POST ### Endpoint https://verify.company.com:9443/api/v1/certificates/import ### Parameters #### Request Body (multipart/form-data) - **certificate** (file) - Required - The certificate file (e.g., PEM format). - **privateKey** (file) - Required - The private key file corresponding to the certificate. - **keystore** (string) - Required - The name of the keystore to import into (e.g., 'server'). - **label** (string) - Required - A label or alias for the certificate. ### Request Example ```bash curl -X POST https://verify.company.com:9443/api/v1/certificates/import \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -F "certificate=@/path/to/server-cert.pem" \ -F "privateKey=@/path/to/server-key.pem" \ -F "keystore=server" \ -F "label=www-server-cert" ``` ### Response #### Success Response (200) - **status** (string) - The status of the certificate import operation. #### Response Example ```json { "status": "success" } ``` ``` -------------------------------- ### Generate IBM Verify Mobile App Enrollment QR Code using cURL Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt This snippet demonstrates how to generate a QR code for user enrollment with the IBM Verify mobile application. It uses a cURL command to post a request with the user ID and desired enrollment method ('qrcode'), along with device information. The output is piped to 'jq' to extract the 'qrCodeData' for display or use. This is essential for users to easily link their mobile device to their IBM Verify account. ```shell # Generate QR code for user enrollment curl -X POST https://verify.company.com:9443/api/v1/mobile/enroll \ -H "Authorization: Bearer ${ADMIN_TOKEN}" \ -H "Content-Type: application/json" \ -d '{ "userId": "jsmith", "enrollmentMethod": "qrcode", "deviceName": "iPhone 14 Pro" }' | jq -r '.qrCodeData' ``` -------------------------------- ### Configure Audit Settings Source: https://context7.com/context7/ibm_en_sva_11_0_1/llms.txt Configures audit logging settings, including enabled status, log level, event filtering, retention policies, and syslog forwarding. ```APIDOC ## PUT /api/v1/audit/config ### Description Configures audit logging settings, including enabled status, log level, event filtering, retention policies, and syslog forwarding. ### Method PUT ### Endpoint https://verify.company.com:9443/api/v1/audit/config ### Parameters #### Request Body - **enabled** (boolean) - Required - Whether audit logging is enabled. - **logLevel** (string) - Optional - The level of detail for logs (e.g., 'detailed', 'basic'). - **events** (array of strings) - Optional - List of specific events to audit. - **retention** (object) - Optional - Log retention policies. - **days** (integer) - Required if retention is specified - Number of days to retain logs. - **maxSize** (string) - Required if retention is specified - Maximum size of logs (e.g., '10GB'). - **syslog** (object) - Optional - Syslog forwarding configuration. - **enabled** (boolean) - Required if syslog is specified - Whether to forward logs to syslog. - **server** (string) - Required if syslog is specified - The syslog server address. - **port** (integer) - Required if syslog is specified - The syslog server port. - **protocol** (string) - Required if syslog is specified - The protocol to use (e.g., 'tcp', 'udp'). - **format** (string) - Required if syslog is specified - The log format (e.g., 'cef'). ### Request Example ```json { "enabled": true, "logLevel": "detailed", "events": [ "authentication", "authorization", "configuration_change", "certificate_operation", "user_management" ], "retention": { "days": 90, "maxSize": "10GB" }, "syslog": { "enabled": true, "server": "siem.company.com", "port": 514, "protocol": "tcp", "format": "cef" } } ``` ### Response #### Success Response (200) - **status** (string) - The status of the configuration update. #### Response Example ```json { "status": "success" } ``` ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.