Adaptive SDK for iOS


This guide will walk though how to make use of Adaptive Access in a native iOS application using the IBM Security Verify Adaptive SDK for iOS. The Adaptive SDK for iOS provides classes which manage authentication transactions that are dependent on policies that include Adaptive access risk determinations.

For a deeper understanding on the different entities involved in Adaptive Access see Adaptive Access.


Adaptive Access subscription

Ensure that your IBM Security Verify tenant has the Adaptive Access subscription enabled. You can check you active subscriptions under Configuration > Subscriptions in your tenant administration console.


You must have Xcode installed on the machine where you will create and run the sample application described in this guide. Xcode is available from the AppStore on MacOS. Download Xcode here.

Adaptive SDK for iOS

You need to have the Adaptive SDK for iOS available in your development environment. This can be downloaded from the IBM Security App Exchange.

Custom application definition

Create a custom application definition and perform Adaptive Sign-On on-boarding. As part of the on-boarding process ensure you select mobile. This will create a link where you can download the Trusteer SDK. For more information, see On-board your application.

Trusteer SDK

Use the link that is displayed after Adaptive Sign-On on-boarding to download the Trusteer SDK.

Set up your environment

You will now set up your development environment by creating a new mobile application and installing the initial dependencies.

Create a new Swift project

Xcode includes several built-in app templates for developing common types of iOS apps.

  1. Open Xcode from the /Applications directory.
  2. In the welcome window, click Create a new Xcode project (or choose File > New > Project). ...
  3. Select iOS at the top of the dialog.
  4. In the Application section, select Single View Application and then click Next.
  5. In the dialog that appears, use the following values to name your app and choose additional options for your project:
Product NameAdaptiveSampleApp
Xcode uses the product name you entered to name your project and the app.
TeamIf this is not automatically filled in, set the team to None.
Organization NameThe name of your organization or your own name. You can leave this blank.
Organization IdentifierYour organization identifier, if you have one. If you donโ€™t, use com.example.
Bundle IdentifierThis value is automatically generated based on your product name and organization identifier.
A Universal app is one that runs on both iPhone and iPad.
Use Core DataUnselected
Include Unit TestsSelected
Include UI TestsUnselected
  1. Click Next.
  2. In the dialog that appears, select a location to save your project and click Create.
    Xcode opens your new project in the workspace window.

Adding the Adaptive Access and Trusteer SDK to the project

  1. Unzip the SDK packages that you downloaded in the pre-requistes section.
  2. In Xcode, open the framework target's General settings
  3. Add the following to the Linked Frameworks and Libraries section:
    • The Framework/IBMAdaptiveKit.xcframework from the Adaptive SDK for iOS package.
    • The .xcframework from the Trusteer SDK package.

Adding the collection service

  1. In your Xcode project, right click a folder and select Add file to ...
  2. Navigate to the folder where the Trusteer SDK was extracted and select default_conf.rpkg, manifest.rpkg and SDK-S\TrusteerCollectionService.swift.
  3. Check Copy items if needed, then click Add.

Reference the SDKs in the app

In the code files, for example ViewController.swift, include the framework references for the application.

import IBMAdaptiveKit

Use the SDK

Using the Adaptive SDK to Authenticate a user

The Adaptive SDK for iOS creates and manages an authentication transaction which includes initial (first-factor) authentication and optional Multi-Factor Authentication (MFA), managing state across requests.

Handle SDK Response

When integrating with the Adaptive SDK for iOS, there are three types of responses which need to be handled:

  • Allow - Authentication complete. Identity and Access Tokens are included with this response.
  • Deny - User is denied access. No further action is possible.
  • Requires - Additional authentication required. Information on allowed methods provided.

The SDK functions can also throw errors. This may happen when, for example, the supplied username and password are incorrect.

You must handle these responses with you own implementation.

Sample Code

See the sample code reference files.