Add an identity verification vendor as an identity provider

You can configure an identity verification vendor (IDV) as an Identity Provider (IdP) in Okta. This enables you to request an identity verification to ensure that the right user is onboarding or resetting their account. Identity verification helps ensure that the person presenting the information is the rightful owner of that identity. This process can involve various methods, like device intelligence, knowledge-based authentication (KBA) questions, biometric verification, and multifactor authentication (MFA). The IDV checks a user's government-issued identity document and prompts them to take a selfie to satisfy a liveness check.

Identity verification adds an extra layer of phishing-resistance in your org.

Before you begin

• You can't use an Identity Verification IdP for routing rules.
• Add your Okta org URLs to the IDV's allowlist:
  • Use this URL format (including the callback path) if you use the Incode IDV:

    https://org-name.okta.com/idp/identity-verification/callback

  • Use this URL format if you use the Persona IDV:

    org-name.okta.com

• If the IDV rejects the request from Okta, check the vendor's event log for troubleshooting.

Supported IDVs

Okta supports adding these IDVs as IdPs:

• Persona: Documentation

Early Access release. See Enable self-service features.

• Incode: Developer Hub

Start this task

1. In the Admin Console, go to SecurityIdentity Providers.
2. Click Add identity provider.
3. Select the IDV, and then click Next. The Configure <IDV name> identity verification page opens.
4. On the page, enter the details of the vendor. Each vendor uses different field names. See your vendor's dashboard to find the information for each field.
5. Optional. Set up fuzzy matching in the IDV. See your vendor's documentation. Okta passes the First Name and Last Name attributes from Universal Directory to the vendor.
6. Click Finish. The IDV vendor appears in the list on the Identity Providers page.

To update the IDV IdP, go to Identity ProvidersActionsConfigure Identity Provider.

To deactivate the IDV IdP, go to Identity ProvidersActiveDeactivate. You can delete the IdP after deactivating it.

Related topics

Identity Providers

Identity Verification providers in the Okta Integration Network (OIN)

Workflows: Perform identity proofing with a third-party service