OneLogin Identity Proofing

Today, we are pleased to announce the launch of the first in a series of new Identity Proofing integrations with our new integration to the Jumio KYX Platform for Identity Verification services.

This integration, which is powered by our OneLogin Workflows solution, brings Identity Verification capabilities into the OneLogin Self Registration experience. OneLogin customers can now enhance their existing Self Registration experiences to ensure that new users must successfully complete Identity Verification before being issued with an Invitation to establish their account in OneLogin.

The solution allows organizations to tie digital identities to real world identities using government issued identity documentation along with selfie and liveness checks which can help an organization meet its compliance requirements and further strengthen the security posture of their OneLogin implementation.

The Self Registration Case

The integration, powered by OneLogin Workflows, ensures that users are sent an Identity Verification request email to the email address which has been already verified in the first step of the standard OneLogin Self Registration process.

OneLogin Self Registration Page

When a user requesting a new OneLogin account receives this email they will be asked to click on a URL to commence a particular Jumio Identity Verification workflow which has been mandated by an organization through their solution configuration.

When the user clicks on the URL, they will be brought into the Jumio Identity Verification service to scan and upload their government issued identity documentation along with a selfie with liveness check functionality.

The user can complete the ID verification process on a desktop with a webcam or switch to a mobile device to complete the process.

Jumio Image Quality Check

The integration solution will then poll the Jumio service for the results of the Identity Verification operation. If successful, the account will be automatically approved for creation in OneLogin, and an invitation email will be sent to the user to complete the OneLogin Account creation process.

OneLogin Invite Email

If the Identity Verification operation reports a negative result, then the account creation process is suspended. An organization can then decide to either automatically delete the requested account or inform the user via email to contact a support desk for assistance and manual verification, if required.

Self-Registration with Identity Verification Benefits

The solution brings immediate benefits to CIAM (Customer Identity and Access Management) use cases which may exist today without any form of Identity Verification in place or where Identity Verification is performed via labor-intensive manual processes. The solution also ensures a strong MFA (Multi Factor Authentication) registration capability so that CIAM implementations can ensure new users validate their real-world identity before being allowed to enroll for MFA or even create a password for their account in the CIAM solution they wish to access.

From a workforce perspective, this solution offers the ability to automate certain steps of the traditional HR (Human Resources) onboarding process for a new hire and brings Identity Verification capabilities to B2B and partner/contractor scenarios which may not be covered sufficiently by B2B federation capabilities or existing onboarding processes today. It can also be used to verify the Identity of potential new hires at the applicant stage to ensure no sensitive company information is disclosed to a malicious actor posing as a candidate for an advertised vacancy.  An organization may wish to have the identity of new applicants verified by this integration. They could then leverage the OneLogin Workflows or Universal Connector solutions to create the user in the target HRIS system and update attributes used to track whether Identity Verification has already been completed. We are excited to see all the diverse ways this integration can be used by our customers. 

Re-Verify your Users

In addition to the capabilities mentioned above, the solution also allows for Identity re-verification workflows to be triggered for users that were put through the Identity Verification process when their OneLogin account was first created. The Identity re-verification workflows can require a user to perform another selfie and liveness check which can be verified against the Identity documentation previously submitted by the user at the point of account registration. These Identity re-verification workflows can be triggered based on timebound requirements (re-verify once per quarter, etc.) or based on login risk events and even as part of a role change for a user within OneLogin.

Conclusion

In today’s world, a user’s identity is key to their security access, thus Identity verification before a user’s account is created is becoming a core component of a secure solution. We have all gotten used to providing additional authentication factors when we log in to a system. This login verification ensures that the person logging in is the person who created the account, but it does not ensure that the person who created the account is who they claim to be. Identity theft is prevalent. It is incredibly easy for bad actors to go about creating accounts using other people’s names and information. By implementing an Identity Verification process before your users even create their accounts, you can ensure they are who they say they are and prevent bad actors from getting in. We are incredibly excited to add this capability to our One Identity Unified Identity Security solution.

About the Author

Marc Maguire

Marc has over 15 years experience working in technology with a particular focus on the banking sector. Marc works as a Solution Architect in our EMEA pre-sales team and focuses on delivering solutions for complex customer requirements using existing and new capabilities from the OneLogin Platform.

Related Articles