--- title: iProov Authentication node description: The iProov Authentication node integrates Advanced Identity Cloud authentication journeys with the iProov Genuine Presence Assurance and Liveness Assurance products from iProov. component: auth-node-ref version: latest page_id: auth-node-ref:cloud:iproov canonical_url: https://docs.pingidentity.com/auth-node-ref/latest/cloud/iproov.html keywords: ["Authentication", "iProov"] page_aliases: ["auth-node-iproov.adoc", "auth-node-iproov-node.adoc", "auth-node-iproov-setup.adoc"] section_ids: auth-node-gateway-comm-example: Example availability: Availability inputs: Inputs dependencies: Dependencies iproov-setup: Set up the iProov tenant configuration: Configuration outputs: Outputs outcomes: Outcomes --- # iProov Authentication node The iProov Authentication node integrates Advanced Identity Cloud authentication journeys with the [iProov Genuine Presence Assurance](https://www.iproov.com/iproov-system/technology/genuine-presence-assurance) and [Liveness Assurance](https://www.iproov.com/iproov-system/technology/liveness-assurance) products from [iProov](https://www.iproov.com/). iProov is a trusted provider of biometric face verification and authentication solutions that are fully optimized for usability, security, and privacy. Organizations rely on iProov's defenses against evolving biometric threats while delivering an intuitive user experience. ## Example This example journey highlights the use of the iProov Authentication node to authenticate by using facial biometrics. ![iproov journey](_images/iproov-journey.png) Advanced Identity Cloud provides [sample journeys you can download](https://github.com/ForgeRock/tntp-iproov-docs/tree/master/example-auth-trees) to understand and address the most common iProov authentication use cases. ## Availability | Product | Available? | | ------------------------------------- | ---------- | | PingOne Advanced Identity Cloud | Yes | | PingAM (self-managed) | Yes | | Ping Identity Platform (self-managed) | Yes | ## Inputs This node requires the `username` in the incoming node state. Implement a [Platform Username node](../platform-username.html) before this node in the journey. ## Dependencies To use your iProov verification in your Advanced Identity Cloud authentication journey, you must have an active iProov tenant instance with a configured service provider. Contact your iProov sales representative for more information. ### Set up the iProov tenant To create a service provider in your iProov tenant instance: 1. Log into your iProov tenant instance. 2. Go to Service provider > Create new service provider. 1. Enter a name and select a suitable Service Location. 2. Select the `Production`, `Development`, or `Testing` environment in which you want to use the service provider. 3. Then click Create. 3. Note of the following provider details: 1. Service Location 2. API Key. 3. Primary API Secret. 4. OAuth Username. 5. Primary OAuth Password. 4. Contact your iProv representative to ensure that Liveness, GPA, and On Validate Return Frame are enabled. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | * The Validate Return Frame enables the REST API to retrun the photo. The returned photo is an output to the shared node state by the iProov Authentication node. * Liveness and GPA need to be enabled to choose the Assurance Type. * Contact your iProov Representative to enable these parameters. | ## Configuration The configurable properties for this node are: | Property | Usage | | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | iProov Tenant | The hostname of your iProov tenant, either `us.rp.secure.iproov.me` or `eu.rp.secure.iproov.me`. | | iProov Base URL | The iProov URL context that contains the version of the REST API, which is `/api/v2`. | | iProov API Key | The API key you obtained from iProov. | | iProov API Secret | The API secret from iProov. | | iProov OAuth Username | The username of the OAuth user on iProov. | | iProov OAuth Password | The password of the user on iProov. | | iProov Assurance Type | The type of API assurance on iProov:- `GPA`: Generic Presence Assurance - `LA`: Liveness Assurance Default: `GPA`. | | iProov Authentication Type | The type of authentication. It can be one of:- `Enrol` - for enrolling the user into iProov. - `Verify` - for verifying the user's liveness. - `Combined` - for enrollment if the user is not enrolled, otherwise verify the user's liveness. Default: `Enrol`. | | User Unique ID Attribute | The unique ID of the user enrolled with iProov. This attribute must exist in the user's Advanced Identity Cloud profile in the identity repository. | | User Search Attributes | An alternative attribute that contains the username value, and is used to search a user in the underlying identity store. | | ForgeRock UI | A boolean attribute for determining how the iProovWeb SDK is rendered to the user.- When set to `true`, you can view the iProovWebSDK on the Advanced Identity Cloud admin UI. - When set to `false`, you can view the iProovWebSDK by going to Native Consoles > Access Management. Default: `true`. | | iProov Version | The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0. | | Title Text Color | Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the [Custom Title](#custom-title) attribute for more information. | | Surround Color | Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a `clear` or `blur` filter. | | Prompt Text Color | Adjusts the color of the text visible in the central prompt of the screen. | | Prompt Background Color | Adjusts the color of the background in the central prompt of the screen. | | Header Background Color | Adjusts the color of the background in the top bar of the application, transparent by default. | | []()Custom Title | The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string (""). | | Assets URL | Critical dependencies are loaded from the content delivery network (CDN) at `cdn.iproov.app`. In a production environment, set this property to your CDN, for example: https\://cdn.iproov.app/myassets. | | Logo | A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don't specify a logo, the iProov logo is displayed. Set to `null` if you don't want a logo to be displayed. | | Network Timeout | Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Advanced Identity Cloud returns an error with the feedback code `error_network`.Default: 20 (seconds). | | iProov Camera Filter | Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses.+ Default: shaded. | | Prompt Rounded Corners | The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to `false`. | | Debug | By default, log messages at level `info` or lower are hidden. They can be displayed on the console by setting Debug to `true`. Log messages at the `warning` and `error` levels are always displayed on the console. | | Slots | Customize the markup styling and automatically inherit your application's styles by using the Slots attribute. | | Aria Live | Control the priority of messages being read out by the screen reader. Refer to [ARIA live regions](https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Live_Regions) in Mozilla documentation for more information on ARIA live. By default, this is set to `assertive` to indicate time-sensitive or critical notifications that require the user's immediate attention. This can be disabled by setting it to `off` or `polite`. | ## Outputs The following outputs are stored in the shared node state: | Output Variable | Variable Description | | ---------------------- | ---------------------------------------------------------------- | | iProovValidateResponse | The complete validation response from iProov API in JSON format. | | iProoveValidatePhoto | Photo from the validated API endpoint response. | ## Outcomes * `Success` The iProov verification process is completed successfully. * `Failure` The iProov verification process returned a failure because a user connection or device failed during the verification process. * `Retry` The iProov verification process is incomplete due to a failure or user error and can be retried. * `Error` A fatal exception occurred due to misconfiguration or an error with the user account. Exceptions are logged at the Error level, and put in the SharedState. * `Cancel` The user has opted to cancel the iProov verification.