Enroll User Credentials from Proof (Optional)
Assuming all IDV signals inspected at previous step satisfy integration internal onboarding policy, the user's Selfie biometric captured during Proof can be enrolled as a "root" credential for subsequent authentication transactions.
Account Recovery and MFA
Even if the relying party platform does not plan to use biometrics for Primary authentication, consider enrolling biometrics for account recovery and MFA. This helps protect against the most prevalent attacks on the internet today, Account Take Over and Social Engineering.
Two API calls are required to turn Selfie data from Proof into Account Biometric Credential:
- Get TempId of storage location for Proof results using Get Proof Transaction TempId endpoint.
- Pass TempId to Create Proofed Account Biometric Credential endpoint. The Selfie contained in TempId is used.
Proof Results will Expire
Proof results contained in TempId expire within 72 hours. Trying to enroll Account Biometrics using TempId that has PII data removed results in error.
authID offers a service for longer term storage of Proof Results Data, please contact [email protected] for details.
Now that the user has an Account and a Credential the integration can Request an Authentication Transaction via API or use any pre-built integrations described in the Cloud Connections section.
What if I don't need my users to do Proof, but I do want to run Biometric Authentication?
You do not need to run Proof to enroll Biometric Credentials, to learn more visit Enroll User Credentials
Updated 22 days ago