Company connection
Employees scan a setup code, choose a saved code, or enter a company identifier. The app verifies the company before sign in.
MYID Self Verify connects employees, identity providers, directories, security operations, training systems, and administrators through one company controlled mobile experience. Users recover access, manage approved identity details, review security events, and understand the freshness of every result. Administrators control which functions are available for each company and verify readiness before launch.
Each company enables only the functions supported by its environment. The app uses local state for fast display, then refreshes eligible information without pretending old data is new.
Employees scan a setup code, choose a saved code, or enter a company identifier. The app verifies the company before sign in.
Password sign in, tenant verification, trusted device state, biometric return, and protected session refresh work together.
Users can see profile status, password health, MFA health, open incidents, device evidence, training, and freshness where configured.
Change and recovery flows follow provider policy, password rules, step up checks, and the result returned by the connected system.
Users can review supported factors and complete approved enrollment, disable, or removal actions when the provider allows them.
A verified user can request a live directory account unlock and receive a confirmed resulting state instead of an assumed outcome.
Company approved identity fields can be updated with validation and OTP confirmation where required. Profile photos use a separate background path.
Authorized managers can review recovery requests assigned to them without exposing password or OTP values.
When a training provider is connected, users can see current assignments, due dates, progress, and approved learning links.
MYID can translate an identity incident into a focused mobile review. The user sees relevant context, records what happened, and gives security operations a faster source of evidence.
A configured security source supplies an incident that can be associated with a user.
A push notification or in app alert routes the signed in user to protected review.
The user confirms familiar activity or identifies suspicious activity with clear choices.
MYID records the result and can run company approved actions through connected providers.
Autopilot is optional. A company defines the response window, consent behavior, allowed actions, and connected systems. If the user denies an event or does not respond, MYID follows that approved policy and records provider results.
The mobile experience should show only incidents the server can associate with the signed in identity. Pending evidence remains pending. A missing provider result never becomes an invented healthy state.
MYID can load a durable summary and device cache before slower providers finish. Background refresh updates eligible sections and keeps the original freshness of cached evidence. A successful sync, a degraded sync, and a provider failure remain different outcomes.
Current run summaries are available through protected administration endpoints. Durable history requires an authenticated Prometheus collection path and a configured monitoring store.
MYID structures audit evidence around the W7 contract. Sensitive values such as passwords, OTP values, tokens, cookies, and secrets are redacted. Capture metadata states whether a request or response was complete, partial, summarized, or unavailable.
MYID uses provider adapters and company capability controls. Availability depends on the customer environment, permissions, network path, licensed provider functions, and successful readiness testing.
Current connection patterns include IBM Verify, identity management services, Microsoft Entra ID, and provider specific extensions.
Active Directory and LDAP connections can support account status, unlock, profile attributes, password operations, and photo sync.
QRadar incident workflows, endpoint health sources, security notifications, and provider response actions are configured per company.
Firebase messaging, Apple notification delivery, app routing, widgets, and Live Activities can guide users to time sensitive actions.
Email, SMS, provider native OTP, and tenant specific routes can support verification while keeping secrets off the mobile client.
Customer networks can use approved private or hybrid paths for directories and security systems that are not publicly reachable.
IBM reports that Askari Bank worked with SPS on a modern identity program using IBM Verify and MYID capabilities. Published outcomes include a 75 percent reduction in help desk time for password issues, 80 percent staff adoption, 100 percent MFA coverage for sensitive actions, and onboarding reduced from five days to one day.
Results belong to that deployment and are not a guarantee for another customer.
MYID uses recognized security and privacy frameworks as assessment references. Regulatory applicability depends on the customer, data, configuration, contracts, operating environment, and supporting policies. We do not present framework names as certifications.
We map the tenant, enable only supported functions, test each provider, validate user workflows, review audit evidence, and measure performance before production approval.