Identity verification is undergoing a major shift. For decades, organizations have relied on physical documents and traditional identity proofing methods to establish trust online: scan a physical ID, take a selfie, match it to a database, and hope the process is both secure and user-friendly.
But as fraud becomes more sophisticated, especially with AI-enabled impersonation and deepfakes, those legacy approaches are increasingly strained. We need stronger trust signals, built for a digital-first world. One of the most promising developments is the emergence of mobile driver’s licenses (mDLs).
From Okta’s perspective, mDLs are more than a digital convenience. They represent a foundational building block for the next era of identity: standards-based, cryptographically verifiable credentials that are easier to trust, easier to reuse, and designed to protect privacy.
In this post, we’ll explain what mDLs are, how mDL verification differs from traditional identity proofing, what standards are shaping adoption, and how mDLs fit across real-world use cases—from onboarding to account recovery to step-up verification.
What is an mDL (and why does it matter)?
A mobile driver’s license (mDL) is a digital version of a driver’s license (or state ID), stored securely on a mobile device and designed for cryptographic verification.
That last part is key: a true mDL is not a photo of your ID, not a PDF, and not a screenshot in a wallet app. Instead, it’s structured identity data that can be presented in a way that allows the verifier to confirm:
- The data originated from a trusted issuing authority (e.g., a DMV)
- The credential hasn’t been tampered with
- The presentation is legitimate (and often bound to the device and user consent)
The result is a fundamentally different kind of trust signal: machine-verifiable identity, not “human-visible documentation.”
Why it matters
mDLs unlock a set of outcomes that organizations have wanted for years:
Higher confidence with less friction
mDL verification can be faster than document scanning and selfie capture flows—especially when used as a reusable credential for known users.
Better privacy
mDL ecosystems are designed for data minimization—for example, verifying that someone is over 21 without exposing their home address.
Interoperability and scale
mDL adoption is being driven by standards, which improves the likelihood of consistent verification across platforms, issuers, and relying parties.
This combination—security + privacy + reuse—is why mDLs are a natural fit for organizations modernizing their identity strategy.
How mDL verification differs from traditional ID proofing
It’s helpful to separate two related concepts:
- Identity proofing: establishing a person’s identity (often the first time you see them)
- Credential verification: validating a presented credential is authentic and valid
Traditional ID proofing (common today)
Most digital identity proofing experiences rely on document + biometric steps, like:
- capture a photo of a physical ID
- OCR + document authenticity checks
- selfie capture + liveness detection
- database checks against third-party sources
This approach works, but it has limitations:
- It’s high friction, especially on mobile
- It increases the attack surface (photos, replays, spoofing)
- It often involves collecting more personal information than needed
mDL verification (what’s different)
mDL verification is designed to reduce reliance on visual inspection and move toward cryptographic trust:
- The verifier requests specific attributes (e.g., name + DOB, or only “over 18”)
- The user consents and presents those attributes from their wallet
- The verifier validates the response cryptographically against issuer trust frameworks
This shifts verification from:
“Is this photo real?” → to “Is this credential authentic and valid?”
That shift improves security because attackers can no longer rely solely on forged documents, synthetic IDs, or manipulated media to pass verification.
It also improves user experience because verification can become:
- faster
- more privacy-preserving
- reusable across multiple interactions
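The request, consent and validation steps above, as an added Python sketch that is not Okta's code or taken from the ISO text: the issuer signs only salted per-attribute digests, the wallet releases just the requested items, and the verifier checks each one against the signed digest list. Assumptions: JSON stands in for the CBOR encoding, an HMAC with a shared key stands in for the issuer's asymmetric signature so the block runs on the standard library alone, and all function names and attribute values are constructed.

```python
import hashlib, hmac, json, secrets

# Constructed key: HMAC is a stand-in for the issuer's asymmetric signature.
ISSUER_KEY = secrets.token_bytes(32)

def _encode(obj):
    # Deterministic JSON stands in for the CBOR encoding real mDLs use.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _digest(item):
    return hashlib.sha256(_encode(item)).hexdigest()

def _tag(signed):
    return hmac.new(ISSUER_KEY, _encode(signed), hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: salt every attribute, then sign only the digests."""
    items = {n: {"name": n, "value": v, "salt": secrets.token_hex(16)}
             for n, v in attributes.items()}
    signed = {"digests": {n: _digest(i) for n, i in items.items()}}
    return {"items": items, "signed": signed, "tag": _tag(signed)}

def present(credential, requested):
    """Wallet: after consent, release only the requested items."""
    return {"items": [dict(credential["items"][n]) for n in requested],
            "signed": credential["signed"], "tag": credential["tag"]}

def verify(presentation, requested):
    """Verifier: return disclosed attributes, or None if any check fails."""
    if not hmac.compare_digest(_tag(presentation["signed"]), presentation["tag"]):
        return None  # digest list was not signed by the issuer
    digests = presentation["signed"]["digests"]
    disclosed = {}
    for item in presentation["items"]:
        if not hmac.compare_digest(_digest(item), digests.get(item["name"], "")):
            return None  # disclosed value or salt was altered
        disclosed[item["name"]] = item["value"]
    return disclosed if set(disclosed) == set(requested) else None

if __name__ == "__main__":
    # Constructed sample holder data.
    cred = issue({"family_name": "Doe", "age_over_21": True,
                  "resident_address": "1 Example St"})
    shown = present(cred, ["age_over_21"])
    print(verify(shown, ["age_over_21"]))       # only the requested attribute
    shown["items"][0]["value"] = False
    print(verify(shown, ["age_over_21"]))       # tampered value is rejected
```

The sketch leaves out device binding, so on its own it would not stop replay of a captured presentation.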
Standards: the foundation of mDL trust
mDLs are being adopted worldwide in large part because they’re standards-based—a crucial requirement for interoperability.
ISO/IEC 18013-5 (in-person mDL presentation)
The foundational standard for mDLs is ISO/IEC 18013-5, which defines how mDLs are structured, stored, and presented (especially for in-person use cases).
It covers topics like:
- how credential data is encoded
- secure device-to-reader presentation
- cryptographic protections and verification mechanisms
ISO/IEC 18013-7 (remote/online mDL presentation)
As mDLs expand beyond physical checkpoints, ISO/IEC 18013-7 addresses remote (online) mDL verification—the kind of flows enterprises need for onboarding, recovery, and regulated access.
AAMVA guidelines (U.S. ecosystem)
In North America, AAMVA has provided implementation guidance to help issuing authorities deploy mDLs aligned to ISO standards—helping drive consistency across states.
The big takeaway: mDLs aren’t “yet another proprietary identity scheme.” They’re part of an ecosystem moving toward interoperable digital credentials.
Where mDLs fit: use cases across the Okta identity lifecycle
mDLs are most valuable at high-risk, high-friction identity moments—exactly where organizations want stronger trust signals without sacrificing UX.
Below are key use cases, mapped to how Okta customers typically manage identity across workforce and customer environments.
1) Onboarding: high assurance at the start of a relationship
Where it fits: CIAM onboarding, workforce hiring, contractor access
Onboarding is a prime target for fraud. It’s where attackers try to:
- create synthetic identities
- open fraudulent accounts
- gain access to workforce systems through impersonation
mDL verification offers a strong trust signal early, and can reduce repeated proofing steps later.
This is especially relevant in industries with onboarding requirements like:
- financial services
- healthcare
- marketplaces and gig platforms
- regulated consumer apps
Okta alignment: CIAM + Identity verification flows integrated into policies (no custom build required).
2) Account recovery: closing one of the biggest security gaps
Where it fits: self-service recovery, password reset, support deflection
Account recovery is often the weakest link. Even strong authentication can be undermined by weak recovery.
mDL verification can help confirm the rightful user during:
- password resets
- account unlock events
- suspicious account takeover scenarios
Done well, this improves both security and user experience by reducing manual support escalation.
Okta alignment: recovery flows are a major emphasis in Okta’s identity verification approach today.
3) Step-up verification: dynamic trust for risky moments
Where it fits: transaction step-up, new device enrollment, sensitive changes
Most organizations don’t need high assurance for every login. But they do need it when risk increases.
mDL verification can act as a step-up signal when:
- user risk is elevated
- sensitive account settings change
- financial or regulated actions occur
- devices are newly registered
- access is requested for privileged resources
Okta alignment: policy-driven enforcement in Identity Engine (step-up based on risk and context).
4) Regulated access & compliance: verify eligibility without over-collecting
Where it fits: age checks, regulated content, controlled environments
Because mDL presentation can support selective disclosure (e.g., “over 21”), it can reduce over-collection of personal data while improving confidence.
This is relevant to:
- age-restricted goods and services
- controlled access facilities
- regulated customer verification requirements
Okta alignment: supports customer privacy principles while still meeting assurance needs.
5) Privileged access & high-impact operations
Where it fits: PAM, admin access, high-impact approvals
For privileged roles, mDL verification can provide a strong “human verification” step during:
- privileged elevation (break-glass access)
- admin access to critical systems
- approvals for high-impact changes
Okta alignment: layered assurance to protect privileged identity and minimize breach impact.
The bigger shift: from one-time proofing to reusable digital trust
One of the biggest limitations of traditional identity proofing is that it’s often repeated:
- every new account
- every recovery event
- every regulated transaction
mDLs are part of a broader transition toward verifiable digital credentials—where trusted institutions issue credentials once, and users can present them many times with consent.
Okta has described this direction through its Verifiable Digital Credentials (VDC) platform, planned to enable organizations to issue and verify tamper-proof, reusable identity data—like government IDs, employment records, and certifications.
mDLs are among the most important early credentials in this ecosystem because they’re:
- widely recognized
- government-issued
- standards-based
- designed for strong verification and privacy
Okta Digital ID Verification (Beta)
To help organizations begin adopting emerging digital ID ecosystems, Okta has introduced Okta Digital ID Verification (Beta), which supports verification with government-issued digital IDs—starting with mobile driver’s licenses (mDLs).
If you’re interested in learning more about how mDL verification can enhance onboarding, recovery, or step-up verification flows, you can:
- Fill out a short form: <link>
- Or read the beta announcement: <link>