Verify Identity Assurance (IDA)
OpenID Connect for Identity Assurance (OIDC4IDA) is an extension of the OpenID Connect (OIDC) protocol designed to provide higher levels of assurance in identity verification. It addresses scenarios where traditional OIDC might not provide sufficient assurance about the identity of users, especially in contexts requiring strong identity proofing and authentication measures. OIDC4IDA focuses on explicitly communicating the details of the assurance process used to verify and validate the end user's identity. This includes information about the methods used for identity proofing, the level of assurance achieved, and any relevant attributes or claims associated with the user's identity.
The various checks in verify policies add the results of their identity proofing and verification to the identity assurance claims for a user. You can retrieve these claims with Read One Verify Identity Assurance, and you can remove them with Delete One Verify Identity Assurance.
You can also retrieve identity assurance claims for a user with Verified data, which includes all identity assurance claims returned by the checks. If you use the ?type=ida query parameter with Read All User Verified Data, the response includes only identity assurance claims.
Assigning admin roles and permissions to this service
Admin role assignments determine access to PingOne APIs. When assigning admin roles to this service, refer to PingOne Permissions by Service for the service-specific permissions.
You can also choose to assign admin roles based on particular service resources. Refer to PingOne Permissions by Resource when assigning admin roles per service resources.
Admin assignments to roles are set by:
Refer to Roles Management for more information.
Identity Assurance (IDA) data response data model
IDA claims are stored in the user’s system attribute, identityAssurance.
To return this object, the verify policy must enable IDA by setting ida.enabled to true in the transaction configuration object.
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | Object | N/A | Read-only | The data parsed off the barcode of a driver license |
| | Object | N/A | Read-only | Information regarding check details of the verified_claims |
| | Object | N/A | Read-only | Information regarding claims of the verified_claims |
| | Object | N/A | Read-only | Information regarding document details of the verified_claims |
| | String | N/A | Read-only | Type of verification claim. Always |
| | Object | N/A | Read-only | Information regarding verification of the verified_claims |
verified_claims verification object data model
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | String | N/A | Read-only | The assurance level offered by the |
| | Object | N/A | Read-only | Contains the assurances checked |
| | Object[] | N/A | Read-only | Array of objects that contain the assurances details. |
| | Object | N/A | Read-only | Information regarding evidence of the verified_claims.verification |
| | DateTime | N/A | Read-only | When the top level status changed to |
| | String | N/A | Read-only | The policy name applied to the verification. Supports only |
| | String | N/A | Read-only | Identifier (UUID) of the verify transaction |
verified_claims verification evidence object data model
The evidence object is returned only from manual override verification.
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | String | N/A | Read-only | Always |
| | String | N/A | Read-only | Always |
| | DateTime | N/A | Read-only | Date and time the manual override occurred |
| | String | N/A | Read-only | Always |
verified_claims verification assurance_process assurance_details object data model
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | String | N/A | Read-only | Always |
| | String | N/A | Read-only | Always |
| | Object[] | N/A | Read-only | Date and time the manual override occurred |
| | String | N/A | Read-only | A reference to an evidence object |
verified_claims claims object data model
For government identity document verification, PingOne offers several types of additional verification to enhance the quality of verification. Parenthetic abbreviations reflect the additional verification that the property applies to.
- AAMVA - American Association of Motor Vehicle Administrators verification of US driver licenses
- Face - Selfie liveness check with injection detection
- OTP - One-time passcode verification of email or phone
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | Object | N/A | Read-only | Address of the user |
| | String | N/A | Read-only | Country of the user |
| | String | N/A | Read-only | City of the user |
| | String | N/A | Read-only | Postal code of the user |
| | String | N/A | Read-only | State, province, or geography of the user |
| | String | N/A | Read-only | Street address of the user |
| | String | N/A | Read-only | Birthdate of the user |
| | String | N/A | Read-only | Family name of the user |
| | String | N/A | Read-only | Full name of the user |
| | String | N/A | Read-only | Given name of the user |
| | String | N/A | Read-only | Email address verified (OTP) |
| | String | N/A | Read-only | Identification card, such as passport or Aadhaar card, or driver license number (AAMVA) |
| | Boolean | N/A | Read-only | Whether injection detection passed in face verification (Face). Not returned if injection detection is disabled or absent in the verify policy. |
| | Boolean | N/A | Read-only | Whether liveness check passed in face verification (Face). Not returned if liveness is disabled or absent in the verify policy. |
| | String | N/A | Read-only | Telephone number verified (OTP) of the user |
| | String | N/A | Read-only | Social Security number of the user |
verified_claims check_details object data model
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | String | N/A | Read-only | Identifier of the verification check. Refer to verified_claims check_details check_id source. |
| | String | N/A | Read-only | Verification method as shown in the following table |
| | String | N/A | Read-only | Subprocessor name as shown in the following table |
verified_claims check_details check_id source
| Verification type | check_method | organization | check_id |
|---|---|---|---|
| Government identification | | | Subprocessor’s request identifier, if available, otherwise the verify transaction identifier (UUID) returned by Create Verify Transaction |
| Facial comparison | | | Verify transaction identifier (UUID) returned by Create Verify Transaction |
| Liveness | | | Verify transaction identifier (UUID) returned by Create Verify Transaction |
| AAMVA | | | Subprocessor’s request identifier, if available, otherwise the verify transaction identifier (UUID) returned by Create Verify Transaction |
| AADHAAR | | | Subprocessor’s session identifier |
| AADHAAR | | | Subprocessor’s session identifier |
| AADHAAR | | | Subprocessor’s session identifier |
| Data-based identity verification | | | Subprocessor’s tracking identifier |
| Data-based identity verification | | | Subprocessor’s reporting reference identifier |
| | | | Verify transaction identifier (UUID) returned by Create Verify Transaction |
| Phone | | | Verify transaction identifier (UUID) returned by Create Verify Transaction |
verified_claims document_details object data model
| Property | Type | Required | Mutable | Description |
|---|---|---|---|---|
| | Date | N/A | Read-only | Date of expiration as reported by the subprocessor |
| | Date | N/A | Read-only | Date of issuance as reported by the subprocessor |
| | String | N/A | Read-only | Unique identifier as reported by the subprocessor |
| | String | N/A | Read-only | Country that issued the document as reported by the subprocessor |
| | String | N/A | Read-only | Type of document presented as reported by the subprocessor, such as passport, visa, driver license, or identification card |
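
A consumer-side check over the data model above, as an added example that is not PingOne's own code: it fails closed when a check's claim is absent, flags results that carry an evidence object (returned only from manual override), and requires the check_details fields needed for audit. Key names are taken from this page's headings; the nesting, the claim names given_name and family_name, the LIVENESS_KEY placeholder (the page does not show the real property name) and all sample values are assumptions.

```python
# Added example. Key names follow this page's headings; nesting and samples are assumptions.
LIVENESS_KEY = "liveness_claim_placeholder"  # placeholder: real name not shown on the page

def assess_ida(vc, required_claims=(), must_be_true=(), allow_manual_override=False):
    """Return a list of findings; an empty list means the claims pass the gate."""
    verification = vc.get("verification")
    if not isinstance(verification, dict):
        return ["no verification object"]
    findings = []
    # The evidence object is returned only from manual override verification.
    if verification.get("evidence") and not allow_manual_override:
        findings.append("manual override: evidence object present")
    claims = vc.get("claims") or {}
    for name in required_claims:
        if not claims.get(name):
            findings.append(f"required claim missing: {name}")
    for name in must_be_true:
        # A disabled check omits its claim, so absence must fail closed.
        if claims.get(name) is not True:
            state = "absent" if name not in claims else "not true"
            findings.append(f"check not passed ({state}): {name}")
    checks = vc.get("check_details") or []
    if isinstance(checks, dict):  # accept a single object or a list of them
        checks = [checks]
    if not checks:
        findings.append("no check_details: result cannot be traced to a check")
    for i, check in enumerate(checks):
        for field in ("check_id", "check_method", "organization"):
            if not check.get(field):
                findings.append(f"check_details[{i}] lacks {field}")
    return findings

# Constructed samples (not real API output).
SAMPLE_OK = {
    "verification": {"assurance_process": {"assurance_details": []}},
    "claims": {"given_name": "Ada", "family_name": "Example", LIVENESS_KEY: True},
    "check_details": [{"check_id": "00000000-0000-4000-8000-000000000001",
                       "check_method": "constructed-method",
                       "organization": "constructed-subprocessor"}],
}
SAMPLE_OVERRIDE = {
    "verification": {"evidence": {"note": "constructed"}},
    "claims": {"given_name": "Ada"},
    "check_details": {"check_id": "00000000-0000-4000-8000-000000000002",
                      "check_method": "constructed-method"},
}
if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_OVERRIDE):
        print(assess_ida(sample, ("given_name", "family_name"), (LIVENESS_KEY,)))
```
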