IBM Security Adds New Multifactor Authentication Capabilities

Partner integrations expand the multifactor authentication options available to IBM Security Access Manager users.

two-factor authentication

IBM announced a series of new partnerships on Dec. 6 that provide expanded multifactor authentication integration capabilities.  

Among the new partner integrations are apps from BuyPass, DualAuth, Imageware and Yubico. IBM is now enabling the partner multifactor authentication (MFA) technologies through its IBM Security Access Manager (ISAM) platform. The partner integrations expand the native capabilities that ISAM already includes as part of the platform.

"The pace of innovation and the degree of specialization in the market today is increasing rapidly," Brian Mulligan, offering manager of access and authentication at IBM Security, told eWEEK. "We want to give our customers the integration cost savings of using a single platform for access management, while providing them with more choices to leverage the most innovative solutions in the space."

ISAM natively already had MFA capabilities, including a variety of one-time-password-based mechanisms. Plus, there is IBM Verify, a mobile app for MFA that delivers mobile push-based authentication and works with device-provided biometric authentication mechanisms such as Touch ID and Face ID, Mulligan said.

"Multifactor authentication is in use by the majority of our customers in some capacity today," he said. "However, we are seeing a major re-evaluation of multifactor strategies."

According to Mulligan, organizations are looking to increase the breadth of multifactor authentication in terms of the number of applications protected and the types of MFA options offered. The expanding use of multifactor options has also placed an increasing emphasis on the end-user experience during authentication. 

"If people are asked to perform multifactor authentication more often, it needs to be easy, not just secure," he said.


There are multiple standards in the multifactor authentication space, among them the FIDO Alliance's U2F (Universal Second Factor). Mulligan noted that not all of the MFA partner technologies with which IBM is integrating are FIDO-compliant, though several are, including the solutions from Yubico and DualAuth. 

"IBM Security Access Manager itself provides support for FIDO U2F authentication devices. Any FIDO U2F-compliant device can be used for authentication to ISAM," Mulligan said. "DualAuth can be integrated with authentication factors that support FIDO UAF [Universal Authentication Framework]." 


ISAM has its roots in the single sign-on space, but has expanded over time. Mulligan said ISAM has become an identity security platform incorporating capabilities including enterprise identity provider through standards-based identity federation, identity token translation, multifactor authentication, risk-based access and fine-grained authorization. 

Access in many organizations is connected with directory technologies including Microsoft's Active Directory. Mulligan said that while ISAM itself is not a directory, it can be used with a number of user repositories including IBM Security Directory Suite and Microsoft Active Directory, among others. By integrating with ISAM, organizations can remove the management of user identity-related activities from each application to save application development costs and unify the identity-related operations into a centralized platform, he said. 

ISAM, along with the new MFA integrations, also works on mobile devices.

"Many customers use ISAM today to authenticate users to mobile applications, and in order to make that easier we provide mobile SDKs for iOS and Android developers," Mulligan said. 

IBM plans on further expanding its authentication partnerships in the coming months. In addition, Mulligan said IBM will continue to make it easier to integrate MFA with a wide range of application types and deployment models. IBM is also integrating risk assessment capabilities with the authentication components.

"We provide a number of capabilities in the risk assessment space today and will continue to combine authentication with sophisticated risk assessment to help clients deliver improved security and end-user experiences," Mulligan said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.