A verify policy dictates what is required to verify a user, such as an ID verification, facial comparison, or liveness.
A verify policy allows you to create PingOne Verify transactions for different scenarios, such as:
- Choosing documents for verification during employee onboarding
- Selfie liveness and comparison during
multi-factor authentication (MFA) authentication in PingID using PingOne Verifymulti-factor authentication (MFA) MFA An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.
-
Go to Identity
Verification > Verify Policies.
Note:
A default verify policy based on your environment capabilities is listed.
- Click the + icon.
-
Enter the following information.
Policy Configurations
Policy Configurations Field Description Name
The policy’s name.
Description
The policy’s description.
Transaction Timeout
Time period (in minutes) in which data can be collected after a transaction is created.
Maximum transaction timeout is 30 minutes.
Data Collection Timeout
Time period (in minutes) in which data can be collected after initiating verification from the UI. By default, the data collection timeout is set to 15 minutes.
Maximum data collection timeout is 30 minutes.
Data Collection Only
Data collection only collects documents from a user, but does not process them for verification.
ID Verification
Verification based on Government-issued documents. For example, a driver’s license or a passport.
Facial Comparison
A live photo (selfie) compared with government ID documents or reference selfie for verification.
Liveness
A liveness check on the live photo (selfie) for verification.
Important:For web verification to work in Google Chrome using Google Pixel 8, set Liveness threshold to Low.
Threshold
The probability that selfies are likely to match with document images (facial comparison) or pass liveness checks (liveness) with a low, medium, or high threshold.
Selfies are less likely to match or pass with a higher threshold.
Voice Verification
Verification using voice samples of the end user. There are two types of voice verification policies: enrollment and verification.
Note:You must configure a separate enrollment policy and verification policy.
Configure the following policy settings:
- Voice Verification: Choose Required, Optional, or Disabled.
- Enrollment toggle: Click to enable an Enrollment policy. Disable for a Verification policy.
- Text Dependent Samples: The number of voice samples the user must record for enrollment.
- Voice Text Dependent Phrase:
Phrase the user repeats for enrollment or
verification.
You can configure custom phrases with the API. For more information, see Create Custom Voice Phrase.
- Comparison Threshold: Voice samples are less likely to match with the voice template at higher thresholds.
- Liveness Threshold: Voice samples are less likely to pass liveness testing at higher thresholds.
- Retain Original Recordings: Click the toggle to enable storing the original voice sample after a successful transaction.
- Update On Reenrollment: If disabled, the voice reference is replaced instead of enhanced with additional data.
- Update On Verification: Click the toggle to enable improving the existing voice reference by adding a new template.
Phone Verification
Phone verification using
one-time passcode (OTP) .one-time passcode (OTP) OTP A passcode valid for only one sign on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password. Email Verification
Email verification using OTP.
Create MFA Device
Registration of a user’s phone number or email address as a trusted MFA device after successful OTP or web link verification.
An example configuration on the Add Policy page.
-
Click Save.
Your new policy is shown on the Verify policies page.