Enroll User Credentials from Proof (Optional)

Assuming all IDV signals inspected at previous step satisfy integration internal onboarding policy, the user's Selfie biometric captured during Proof can be enrolled as a "root" credential for subsequent authentication transactions.


Account Recovery and MFA

Even if the relying party platform does not plan to use biometrics for Primary authentication, consider enrolling biometrics for account recovery and MFA. This helps protect against the most prevalent attacks on the internet today, Account Take Over and Social Engineering.

Two API calls are required to turn Selfie data from Proof into Account Biometric Credential:


Proof Results will Expire

Proof results contained in TempId expire within 7 days. Trying to enroll Account Biometrics using TempId that has PII data removed results in error.

Now that the user has an Account and a Credential the integration can Request an Authentication Transaction via API or use any pre-built integrations described in the Cloud Connections section.


What if I don't need my users to do Proof, but I do want to run Biometric Authentication?

You do not need to run Proof to enroll Biometric Credentials, to learn more visit Enroll User Credentials