Add an identity verification vendor as an identity provider

You can configure an identity verification (IDV) vendor as an identity provider (IdP) in Okta. This enables you to request an identity verification to ensure that the right user is onboarding or resetting their account.

Identity verification helps ensure that the person presenting the information is the rightful owner of that identity. This process can involve various methods, like device intelligence, knowledge-based authentication (KBA) questions, biometric verification, and multifactor authentication (MFA). The IDV vendor checks a user's government-issued identity document and prompts them to take a selfie to satisfy a liveness check.

Identity verification adds an extra layer of phishing resistance to your org.

Before you begin

  • You can't use an IDV vendor IdP for routing rules.
  • Add your Okta org URLs to the IDV vendor's allowlist:
    • Use this URL format (including the callback path) if you use the Incode or CLEAR Verified IDV vendor:

      https://org-name.okta.com/idp/identity-verification/callback

    • Use this URL format if you use the Persona IDV vendor:

      org-name.okta.com

  • If the IDV vendor rejects the request from Okta, check the vendor's event log for troubleshooting information.
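
A helper that derives the exact allowlist entry for each vendor from the org base URL, following the two formats listed above. This is an added example, not Okta's code: the function name is hypothetical, and rejecting hosts whose first label ends in -admin (the Admin Console host pattern, easily copied from the browser address bar by mistake) is an assumption of this example.

```python
from urllib.parse import urlsplit

# Callback path given on this page for Incode and CLEAR Verified.
CALLBACK_PATH = "/idp/identity-verification/callback"
# Vendors named on this page, grouped by the allowlist format they expect.
FULL_URL_VENDORS = {"incode", "clear verified"}
HOST_ONLY_VENDORS = {"persona"}


def allowlist_entry(org_url: str, vendor: str) -> str:
    """Return the allowlist entry for the vendor, or raise ValueError."""
    parts = urlsplit(org_url.strip())
    if parts.scheme != "https":
        raise ValueError("org URL must use https")
    if parts.username or parts.password or parts.port is not None:
        raise ValueError("org URL must not carry credentials or a port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("pass the org base URL only, without path or query")
    host = (parts.hostname or "").lower()
    if not host or "*" in host or "." not in host:
        raise ValueError("org host must be a full hostname without wildcards")
    # Assumption of this example: a first label ending in -admin is the
    # Admin Console host, not the org host that the vendor should allow.
    if host.split(".")[0].endswith("-admin"):
        raise ValueError("use the org URL, not the Admin Console URL")
    key = vendor.strip().lower()
    if key in FULL_URL_VENDORS:
        return f"https://{host}{CALLBACK_PATH}"
    if key in HOST_ONLY_VENDORS:
        return host
    raise ValueError(f"no allowlist format known for vendor {vendor!r}")


if __name__ == "__main__":
    # Constructed sample input using the placeholder org name from this page.
    for name in ("Incode", "CLEAR Verified", "Persona"):
        print(name, "->", allowlist_entry("https://org-name.okta.com", name))
```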

Supported IDV vendors

Okta supports adding these IDV vendors as IdPs:

Early Access release. See Enable self-service features.

Start this task

  1. In the Admin Console, go to Security > Identity Providers.
  2. Click Add identity provider.
  3. Select the IDV vendor, and then click Next. The Configure <IDV vendor name> identity verification page appears.
  4. On the page, enter the details of the IDV vendor. Each IDV vendor uses different field names. See your IDV vendor's dashboard to find the name for each field.
  5. Optional. Set up fuzzy matching in the IDV vendor. See your IDV vendor's documentation. Okta passes the First Name and Last Name profile attributes from Universal Directory to the IDV vendor.
  6. Click Finish. The IDV vendor appears in the list on the Identity Providers page.

To update the IDV vendor IdP, go to Identity Providers > Actions > Configure Identity Provider.

To deactivate the IDV vendor IdP, go to Identity Providers > Active > Deactivate. You can delete the IdP after deactivating it.

Map profile attributes from Okta to the IDV vendor IdP

Early Access release. See Enable self-service features.

Okta lets you map the first name and last name profile attributes from Okta to the IDV vendor. Mappings flow one way from Okta to the IDV vendor. Mapping is required for the first and last names to help the IDV vendor process the user's name correctly. You can start this procedure from the Identity Providers page, or from the Profile Editor page.

Start from the Identity Providers page

  1. In the Admin Console, go to Security > Identity Providers.
  2. Click Actions for the IDV vendor whose profile attributes you want to map.
  3. Select Edit profile and mappings. The Profile editor page appears.
  4. Click Mappings. If more than one user type is available, select one from the dropdown menu. The IDV vendor User Profile Mappings page appears.
  5. Continue with the Map the attributes from Okta to the IDV vendor procedure.

Start from the Profile Editor

  1. In the Admin Console, go to Directory > Profile Editor.
  2. Click Mappings for the IDV vendor profile you want to map attributes for. If more than one user type is available, select the user type from the dropdown menu. The IDV vendor User Profile Mappings page appears.
  3. Continue with the Map the attributes from Okta to the IDV vendor procedure.

Map the attributes from Okta to the IDV vendor

  1. In the Okta column, click the triangle beside the attribute for the first name. It might appear as user.firstName. The IDV vendor's name for this attribute appears in the right column.
  2. Select the Okta attribute that you want to map to the IDV vendor attribute from the list. You can also use Okta Expression Language to generate the attribute name. For example, if the IDV vendor calls the first name given_name, you could map an Okta attribute like user.firstName or user.legalName to it.
  3. In the Okta column, click the triangle beside the attribute for the last name. It might appear as user.lastName. The IDV vendor's name for this attribute appears in the right column.
  4. Select the Okta attribute that you want to map to the IDV vendor attribute from the list. For example, if the IDV vendor calls the last name family_name, you could map an Okta attribute like user.lastName to it.
  5. Click Save mappings. Or, if you want to preview the change, enter a user's name in the field beside Preview and then click Preview. Okta displays the first and last name of the user in the IDV vendor column.
  6. Click Exit preview.
  7. Click Apply updates. Okta displays the attributes in the Attributes list.
  8. To view details about an attribute, click the i icon for an attribute.

Related topics

Identity Providers

Identity Verification providers in the Okta Integration Network (OIN)

Workflows: Perform identity proofing with a third-party service