Simple Secure Identity Management

Verv IAM



Configure End Users: Signed JWT tokens protect your request from origin to endpoint via the Verv IAM API Gateway. Configure end users and endpoint REST APIs. Credentials can be forwarded encrypted, unencrypted, or as a signed JWT token, using the account secret key. Endpoint services are authenticated at the Verv IAM API Gateway before being forwarded to destination URIs. See the Verv IAM Configuration Guide. Verv IAM identity services are further customisable on demand.

A signed Verv IAM JWT (JSON Web Token) is issued for each endpoint and validated before the request is forwarded. It is secured by a rotated PKI key pair.

       
 
  Your account requires VPN Sign in. Enter Account ID to verify Verviam VPN connection.
To ensure security of authentication, permitted maximum elapsed time since connection to VPN is 4 hours.


     
A federated identity can be, for example, a User ID, Device ID, Client ID or JSON Web Token (JWT). Secrets can be, for example, a Password or Client Secret. The REST service internet credential is a validated Verv IAM JWT with OpenID scopes. See the Verv IAM Configuration Guide for more information.


Configure REST Service:
Use only letters, numbers, hyphens, or underscores with no spaces for Endpoint Name. Please input carefully, as the name and description cannot be changed after the Endpoint is created.

 Description :
Credentials Forwarding:
  JWT Token RS256 signed with account Private Key (verified with the Public Key). e.g. www.example.com/myApp?JWT=mysignedJWT
  Complete connection string including endpoint URI and credentials e.g. myexampleAPIGateway.com/myapp?query=myquery&secret=mysecret
  SecretID/secretValue and endpoint URI e.g. www.example.com/myApp?userID=encryptedID&password=encryptedPassword



Use the Secrets option for passing credentials in the form of an identifier and its secret, e.g. UserID and Password, ClientID and Secret Value, TokenID and Token.
Forward Endpoint: Verv IAM will forward an unencrypted request as e.g. www.example.com/myApp?userID=myID&password=myPassword, and an encrypted request as e.g. www.example.com/myApp?userID=encryptedID&password=encryptedPassword. The encrypted parameters must be decrypted at the endpoint.
          

Use the Connection URI for the destination endpoint connection string. Add optional parameters to complete connection as appropriate
Verv IAM forwards an unencrypted request to an endpoint as e.g. https://www.example.com/connectionURI?query=myquerystring&userID=myuser&pwd=mypass.
Verv IAM forwards an encrypted request as e.g. https://www.example.com/connectionURI?params=myEncryptedOptionalParameters.
Encrypted parameters must be decrypted at the endpoint server. See Verv IAM User Guide

   Token expiry (minutes) :     
Add JWS Token Payload (max 5 items). Override token default expiry time of one hour as required. Payload Items can be any custom scopes understood by your application, as well as OAuth 2.0 OpenID Connect required elements. Forward endpoint: Verv IAM will forward a signed JWT request as e.g. https://myServiceEndpointURI?JWT=JWTToken
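
An endpoint-side check for the forwarded `?JWT=` request described above, as an added example (not Verv IAM's code): it pins RS256, verifies the signature with the account public key, and enforces `exp`. The keypair, the `signSample` helper, the function names and the claim values are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Constructed stand-in for the account keypair (2048-bit RSA, as the page states).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sample-input helper: mint an RS256 token for the demo (hypothetical, not the gateway's code).
function signSample(payload, key = privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key);
  return `${input}.${b64u(sig)}`;
}

// Endpoint-side check of a forwarded URL such as https://host/myApp?JWT=<token>.
function verifyForwarded(url, pubKey, nowSec = Math.floor(Date.now() / 1000)) {
  const token = new URL(url).searchParams.get('JWT');
  if (!token) return { ok: false, reason: 'missing JWT parameter' };
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'undecodable token' };
  }
  // Pin the algorithm: the token header must never choose how it is verified.
  if (!header || header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    pubKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  // Reject tokens with no expiry as well as tokens past it.
  if (!payload || typeof payload.exp !== 'number' || payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}
```

After a key rotation the endpoint must load the new public key, otherwise every forwarded token fails with `bad signature`.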
Credentials Encryption Option:
  Forward my secretID/secret, connection parameters and endpoint tags encrypted with my secret Key, protected by my RSA public/private keypair.
  Forward unencrypted to my application/system. My network connection is secure, and does not require encrypted message content.
Identity Data Option:
  Store encrypted identity data for this End User/Endpoint

 
    
        
     
      
Endpoint Tags Option:
  Store tags with this End User/Endpoint (maximum 10 tags)



Verviam

It is advisable to rotate keys regularly as a strong security measure. This operation cannot be undone!
You must copy all account REST APIs again as the encryption values of your services will be updated.
The new keys may require updated decryption configuration on your system, to decode your endpoint encrypted parameters.
See Verv IAM Configuration Guide for more information on how to use the keys

Keep keys in a safe place. They are only accessible from this page.

Update Rotation Status: Either schedule key rotation or rotate keys now by clicking the update button below. Note: rotating keys means that if you have configured to encrypt your credentials in transit, the decryption key must be updated before decryption at your endpoint URL.

Rotate Account Encryption Keys daily    Note: new JWT tokens are issued every 24 hours
Remove Existing Daily Keys Rotation    Note: JWT tokens will no longer be updated daily

The RSA Public/Private Keypair: modulusLength: 2048,
publicKeyEncoding: {type: 'pkcs8', format: 'pem' },
privateKeyEncoding: {type: 'pkcs8', format: 'pem'}.

   




Require Verv IAM VPN to sign in to the account:

  Verv IAM VPN is required to access the account.
  Verv IAM VPN is NOT required to access the account.


**Important**: This updates the Verv IAM VPN configuration. Note when a VPN sign in is required, a VPN client must be installed and configured before you can sign into the account. You cannot configure your VPN unless you have first set up your VPN Client.
Your VPN username has the form VerviamAccountID@verviam.directory.com, e.g. VP123456789@verviam.directory.com



Instructions for configuration of VPN to sign in to your Verv IAM Account

Download your VPN configuration file. Configure your VPN Client to use this file to log on to the VPN. Download and install an OpenVPN Client for your device operating system. We recommend AWS OpenVPN Client 3.0.0 or later.

VPN Configuration Guide:
    1. Your VPN username is your AccountID@verviam.directory.com e.g. VP1234567890@verviam.directory.com. Copy and save your password.
                VP1234567890@verviam.directory.com
                YourVPNPassword
    2. Download and install AWS OpenVPN Client for your device operating system
    3. Download and save your VerviamVPN.ovpn configuration file. This is the configuration file required by your VPN Client.
    4. Update the Verv IAM VPN config file with the line auth-user-pass "c:\\my-config-directory\\login.txt". Note that Windows requires a double backslash.
    5. Download and save your VPN client certificate e.g. "c:\\my-config-directory\\client1.domain.tld.crt".
    6. Update the Verv IAM VPN config file with the --cert line. Note that Windows requires a double backslash.
    7. Download and save your VPN client key e.g. "c:\\my-config-directory\\client1.domain.tld.key".
    8. Update the Verv IAM VPN config file with the --key line. Note that Windows requires a double backslash.
    9. Configure your downloaded VPN client to use your saved Verv IAM VPN configuration file - VerviamVPN.ovpn
    10. Connect to the VPN. You must be signed into the VPN before you can sign in to the Configure Users, Account Profile and Portal pages.
