Enhancing security: Identity proofing for new hires


Earlier this year, Okta rolled out identity proofing for our new hire onboarding process. This new step is powered by Okta Identity Verification in partnership with Persona, an identity verification platform that adds a crucial layer of security. Okta Identity Verification ensures our new hires are who they claim to be.

Beyond onboarding, we've also configured Identity Verification to streamline processes like self-service account recoveries. This helps reduce the time and effort required for our support desks and users to regain access.

Behind the scenes of Okta Identity Verification

You might wonder how we integrated identity proofing into our new hire onboarding. In short, it took a lot of planning and coordination. We knew we couldn't disrupt the smooth operation of our IT orientation, especially with the critical security implications at stake. 

Our goal was to make this new security step as slick and easy as possible for everyone involved. Multiple Okta teams partnered to design the optimal solution to orchestrate the onboarding process, leveraging identity verification.

Our implementation’s evolution

We faced some constraints on where and how we could introduce identity proofing, particularly because it's tied to Okta's Account Management Policy. Initially, we considered prompting for identity proofing when new hires set up their account. However, this raised concerns for those in a pre-onboarding state who would lack immediate support if they encountered issues.

We deployed our first release to introduce identity proofing during IT orientation, specifically when new employees first set up FastPass. This worked reasonably well, though we did encounter challenges like first name mismatches (preferred vs. legal), causing verification failures.

To address these issues, we launched with an exception process. While it served its purpose, it quickly became clear we were adding more manual work for our teams. We knew there had to be a more efficient and scalable solution.

New features streamline the process

Fast forward to April, and we're excited about the new Okta Identity Verification features now available to us. A key addition is the Identity Verification event hook, which wasn't available at our initial launch.

This new capability allows us to capture identity-proofing events and pipe them directly to a Slack channel via a custom Workflow. Now, both the HR and IT support teams can monitor these transactions in real time. This means we can proactively reach out and offer support to users who might be experiencing issues with identity verification, streamlining the process and reducing friction.
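The triage step of such a pipeline, sketched in Python as an added example (this is not Okta's Workflow or code from this post): it reads an event hook delivery, keeps the users whose most recent identity-proofing attempt failed, and builds the Slack message for the support channel. The event type string, the use of `actor.alternateId` as the new hire, the function names, and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: event type for identity-verification results. Confirm the exact
# name in your org's event type catalog; it is not given in the post.
IDV_EVENT_TYPE = "user.identity_verification"

def _ev(event_type, when, user, result, reason=""):
    """Build one constructed event in the shape of an Okta event hook item."""
    return {"eventType": event_type, "published": when,
            "actor": {"alternateId": user},  # assumption: actor is the new hire
            "outcome": {"result": result, "reason": reason}}

# Constructed sample delivery (not real data).
SAMPLE_DELIVERY = {"data": {"events": [
    _ev(IDV_EVENT_TYPE, "2025-04-07T15:01:10Z", "hire1@example.com", "FAILURE", "name mismatch"),
    _ev(IDV_EVENT_TYPE, "2025-04-07T15:04:42Z", "hire1@example.com", "FAILURE", "document unreadable"),
    _ev(IDV_EVENT_TYPE, "2025-04-07T15:02:00Z", "hire2@example.com", "FAILURE", "name mismatch"),
    _ev(IDV_EVENT_TYPE, "2025-04-07T15:06:30Z", "hire2@example.com", "SUCCESS"),
    _ev("user.session.start", "2025-04-07T15:07:00Z", "hire3@example.com", "FAILURE"),
]}}

def users_needing_help(delivery, event_type=IDV_EVENT_TYPE):
    """Return {user: [failure reasons]} for users whose latest attempt failed."""
    by_user = defaultdict(list)
    for ev in delivery.get("data", {}).get("events", []):
        if ev.get("eventType") != event_type:
            continue  # ignore unrelated events sharing the hook
        user = ev.get("actor", {}).get("alternateId", "unknown")
        by_user[user].append((ev.get("published", ""), ev.get("outcome", {})))
    stuck = {}
    for user, attempts in by_user.items():
        attempts.sort(key=lambda a: a[0])  # same-format UTC timestamps sort lexically
        if attempts[-1][1].get("result") == "FAILURE":  # a later success clears the user
            stuck[user] = [o.get("reason", "") for _, o in attempts
                           if o.get("result") == "FAILURE"]
    return stuck

def slack_payload(stuck):
    """Build a Slack incoming-webhook body ({"text": ...}); None if nobody is stuck."""
    if not stuck:
        return None
    lines = [f"- {user}: {len(reasons)} failed attempt(s), last reason: {reasons[-1] or 'n/a'}"
             for user, reasons in sorted(stuck.items())]
    return {"text": "Identity proofing follow-up needed:\n" + "\n".join(lines)}

if __name__ == "__main__":
    print(slack_payload(users_needing_help(SAMPLE_DELIVERY)))
```

Alerting only on users whose latest attempt failed keeps the channel quiet for people who retried and passed on their own.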

We've rolled out a second key feature, an API configuration that allows our identity provider to use a read-only Okta API token to evaluate a user's legal and preferred first names. The great news? This configuration completely eliminates previous issues with name mismatches causing failures, meaning no more exceptions for that common use case.

With these new enhancements in place, new hires now complete their identity-proofing step when they first log in to Okta with their pre-enrolled YubiKey and finalize their account setup. The results speak for themselves: New hires can complete their identity-proofing tasks with ease. As an added benefit, the IT orientation for our full-time employees is now much smoother, returning to its original process since identity proofing is complete.
 

* Demo of identity verification in action @ Okta!
 

What's next for Okta Identity Verification?

Our Okta product teams are constantly working to expand our product capabilities. Identity Verification can help streamline our daily tasks and provide an even stronger security layer across our ecosystem.

That’s it for now. Thanks for reading and stay tuned for more updates from the IAM team regarding Identity Verification!
 

These materials are intended for general informational purposes only and are not intended to be legal, privacy, security, compliance, or business advice.