Add a custom identity verification vendor

Early Access release. See Enable self-service features.

Okta lets you create custom integrations with the identity verification (IDV) vendor of your choice.

If you use one of the supported IDV vendors, use a pre-configured IDV integration. See Add a pre-configured identity verification vendor and verify the list of supported IDV vendors before continuing with this task.

You can't use an IDV vendor identity provider (IdP) for routing rules.

See Identity verification vendors as identity providers.

Before you begin

See your IDV vendor's documentation for help with finding the URLs and other items that you need to provide to Okta.

Start this task

  1. In the Admin Console, go to Security > Identity Providers.
  2. Click Add identity provider.
  3. Click Custom ID verification.
  4. Click Next.
  5. Enter a unique name in Instance name.
  6. In the End user sign-in experience section, configure these options:
    • Vendor name: Enter the name of the IDV vendor. This name also appears on the Sign-In Widget (SIW).
    • End user license agreement URL: Enter the URL of the end user license agreement. This link appears on the SIW.
    • Privacy statement URL: Enter the URL of the privacy statement. This link appears on the SIW.
  7. In the Vendor credentials and permissions section, configure these options:
    • Client ID: Enter the client ID from your IDV vendor.
    • Client secret: Enter the client secret from your IDV vendor.
    • Scope: The openid, profile, and identity_assurance scopes are pre-filled in the field and are required to perform the verification. To add another scope, select the field, enter the scope name, and press Enter. Repeat for each additional scope that you want to add.
  8. In the Endpoints section, configure these options:
    • Issuer: Enter the issuer endpoint.
    • PAR request URL: Enter the URL where the IDV vendor handles the pushed authorization request (PAR).
    • Authorize URL: Enter the URL where the IDV vendor handles the authorize request.
    • Token URL: Enter the URL where the IDV vendor handles the token request.
    • JWKS URL: Enter the URL where the IDV vendor provides the JSON web key set (JWKS) parameters to validate the signed ID token.
  9. Click Finish.

If the IDV vendor rejects the request from Okta, check the vendor's event log for troubleshooting information.
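
A pre-flight check for the values entered in the Endpoints and Scope fields above, as an added example (not Okta's or any vendor's code). It assumes the IDV vendor publishes an OAuth/OIDC metadata document with the standard keys; the sample metadata, the idv.example.com host, and the function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Okta "Endpoints" field -> metadata key (OIDC Discovery, RFC 8414, RFC 9126)
FIELD_TO_KEY = {
    "Issuer": "issuer",
    "PAR request URL": "pushed_authorization_request_endpoint",
    "Authorize URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "JWKS URL": "jwks_uri",
}
REQUIRED_SCOPES = {"openid", "profile", "identity_assurance"}  # pre-filled in Scope

# Constructed metadata for a hypothetical vendor, with two deliberate defects.
SAMPLE = json.dumps({
    "issuer": "https://idv.example.com",
    "pushed_authorization_request_endpoint": "https://idv.example.com/oauth2/par",
    "authorization_endpoint": "https://idv.example.com/oauth2/authorize",
    "token_endpoint": "https://idv.example.com/oauth2/token",
    "jwks_uri": "http://idv.example.com/oauth2/jwks",   # defect: not https
    "scopes_supported": ["openid", "profile"],          # defect: scope missing
})

def preflight(metadata_json):
    """Return (fields, problems): values for the form and findings to resolve."""
    meta = json.loads(metadata_json)
    fields, problems = {}, []
    for field, key in FIELD_TO_KEY.items():
        value = meta.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{field}: {key} missing from metadata")
            continue
        fields[field] = value
        url = urlsplit(value)
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{field}: not an absolute https URL")
        if url.fragment:
            problems.append(f"{field}: must not contain a fragment")
    issuer_host = urlsplit(fields.get("Issuer", "")).hostname
    for field, value in fields.items():
        if issuer_host and urlsplit(value).hostname != issuer_host:
            problems.append(f"{field}: host differs from issuer, confirm with the vendor")
    missing = REQUIRED_SCOPES - set(meta.get("scopes_supported", []))
    if missing:
        problems.append("Scope: not in scopes_supported: " + ", ".join(sorted(missing)))
    return fields, problems

if __name__ == "__main__":
    fields, problems = preflight(SAMPLE)
    print("\n".join(f"{k}: {v}" for k, v in fields.items()))
    print("\n".join(f"CHECK: {p}" for p in problems))
```

A host that differs from the issuer is reported for review only; some vendors serve keys or tokens from a separate host.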

Next step

Map profile attributes from Okta to an identity verification vendor