Last updated: Jan 21, 2021

Integration detail

Free trial with Okta + Learn More

Evident

Enable user self-verification for improved identity confidence with Evident

Overview

With Okta and Evident integrated together, organizations can add a frictionless identity verification step during a new user registration or an account upgrade request, before making an access decision. Verify a variety of attributes – age, insurance, motor-vehicle records, and licensing and accreditation status, for example – to determine a user’s access to (or denial from) your application or platform. Seamlessly close the registration loop with secure authentication, granting valid users access to approved apps and resources, while denying invalid users.

The Challenge

  • With identity fraud on the rise, organizations in nearly every industry are looking for new ways to verify user identities before providing account access or opening up new services
  • As more information is collected during the user onboarding process in an attempt to verify identities, this personally identifiable information itself becomes an added risk and liability for enterprises
  • How, then, can organizations securely verify and authenticate customers online, without adding complexity for end users or risk for the enterprise?

The Solution

Social Authentication icon

Combine Evident’s identity proofing with Okta’s identity management solution to validate end user identities and provide secure access

Documents cropped

Verify a variety of pertinent attributes–like age, insurance, motor-vehicle records, and licensing and accreditation status–to determine a user’s access to (or denial from) your application or platform

personally enabled mobile devices

Customize policies, levels of assurance, and user registration experiences to authenticate new account registrations according to organizational needs

Federated Single Sign-On

Seamlessly close the registration loop with secure authentication, granting valid users access to approved apps and resources, while denying invalid users

okta evident diagram

Prevent fraud without user friction

With Okta and Evident integrated together, organizations can add a frictionless identity verification step during a new user registration or an account upgrade request, before making an access decision. Evident’s identity verification process is easy for end users to perform, while simultaneously deflecting impersonators. After a successful verification step, users enjoy secure authentication through Okta to seamlessly complete their registration and provide appropriate access.

Verify multiple data attributes without handling sensitive personal data

With Evident, organizations can retrieve data from thousands of authoritative sources to verify pertinent facts about an individual in order to determine whether to grant or deny access. Examples: A ride-sharing company signing up new drivers might verify a driver’s license, motor vehicle records, and proof of insurance; a bank might expedite online loan applications by verifying an applicant’s loan-qualifying data like address, utility usage, and employment. Evident’s solution has connections to thousands of authoritative sources, enabling organizations to add identity verification, without handling or holding sensitive personal data.

Securely and easily verify and authenticate users

  • Okta and Evident work together to add world-class identification verification to best-of-breed identity and access management
  • Leverage documents users already own and tap into up-to-date records from authoritative sources to verify identities and other attributes through a single API
  • Securely provide legitimate end users a higher degree of self-service and a better onboarding experience
  • Provide the decision-making data your teams need without centrally storing sensitive data, reducing risk and liability for the enterprise

Overview

Evident provides identity and credentials verification solutions for enterprises. Evident collects verified evidence results and updates users in your Okta org, shielding you from collecting and managing personally identifiable information.

The sample web application demonstrates a workflow that uses Evident identity verification and then syncs the results to Okta by leveraging both Evident and Okta APIs.

Prerequisites

Creating and configuring this sample application requires:

  • An Okta organization within the okta.com or oktapreview.com domains. You can create a developer org for free.
  • An API token created by an administrative account within that org. See Create an API token. The minimum permission level required for this particular Okta API token is "Group Administrator".
  • A Node.js development environment, version 12 or later.
  • A GitHub account.

Procedure

Create an Okta API token

  1. In your Okta org, sign in to the Okta Admin Console. As the API token inherits the privileges based on the account used to create the token, your account must have at least the "Group Administrator" privilege level.
  2. From the side navigation, click Security > API.
  3. On the Tokens tab, click Create Token.
  4. Name the token "Evident API Token" and click Create Token.
  5. Copy the API token to the clipboard and paste it to a secure location, as this is the only time you can view it.

Create the Evident sandbox tenant

  1. You can request an Evident sandbox tenant for testing.
  2. In this form, you need to include the Okta API token you created, along with the URL for your Okta org. You can find your org URL in the upper-right corner of your Okta Admin Console.
  3. After Evident configures your sandbox tenant, their Customer Success team sends instructions to locate the related API information that you need to configure this app. This email includes the Evident sign-in credentials, the URL for the API, and the location of your Evident API key.

Add Evident attributes to the Okta user profile

To handle the incoming data attributes from Evident, you need to add two new attributes to the user profile in Okta.

  1. In your Okta org, sign in to the Okta Admin Console.
  2. From the side navigation, click Directory > Profile Editor.
  3. On the Profile Editor page, click the Profile link beside User (default) to edit the profile.
  4. Under the Attributes heading, click Add Attribute.
  5. In the Add Attribute dialog, enter the following information:
    • Data type — string
    • Display name — Evident ID Verification
    • Variable nameevidentid_verification
    • Description — Evident ID Verification Status
    • Enum — enable this check box
    • Attribute members — add the following attribute names and values:
      • Requested : requested
      • Not Requested : not_requested
      • Request Timeout : timeout
      • Submission Complete : submissionComplete
      • Verified : true
      • Not Verified : false
    • Attribute length — leave this as default
    • Attribute required — leave this check box unselected
  6. Click Save and Add Another.
  7. Enter the following information for the second attribute:
    • Data type — string
    • Display name — Evident ID Details
    • Variable nameevidentid_verification_details
    • Description — Evident ID Verification Details
    • Enum — leave this check box unselected
    • Attribute length — leave this as default
    • Attribute required — leave this check box unselected
  8. Click Save to finish adding the attributes.

Prepare the sample application

  1. Clone the GitHub repository for the Evident sample application to the test system with your Node.js environment.
  2. Navigate to the project folder.
  3. Using a text editor, change all the values in the /src/pages/Config.js file to the values obtained from Okta and Evident:
  • oktaUrl = 'https://<company>.okta.com' — this value is the URL for your Okta org
  • oktaApiToken = '<Okta API Key>' — this value is the API token you created in Okta for Evident
  • evidentVerifyApiUsername = '<Account name>' — this value is the Account name found in the Administration > API section in your Evident console
  • evidentVerifyApiPassword = '<API Key>' — this value is the API Key found in the Administration > API section in your Evident console
  • evidentTemplateId = '<Template ID>' — this value is provided in the email you receive from Evident support containing your sandbox tenant information

Test

  1. To start up the Evident sample application, run the following command from the root of the project directory: npm install && npm start

Note: When the sample application starts, the first step in loading the /signup page is to make an API request to Okta to register a new Trusted Origin. If you have already created a localhost:3000 trust rule with the CORS and Redirect options selected, the console shows a 400 error when running npm start. This error is expected, and your sample application should proceed normally.

  1. Open your browser to https://localhost:3000/signup and fill out the form to create and verify a new user in your Okta org.
  2. Add the required firstName, lastName, and email information. Note the test user details for later reference.

Evident ID proofing flow

  1. After the application redirects you, select Government Issued ID & Video Selfie.
  2. Read the disclosure and select the provided check box to agree.
  3. Click Authorize.
  4. Note the valid forms of identification and enter a valid phone number to receive an SMS text message with additional instructions.
  5. Upload images of the front and back of your identity document. Then submit a live photo capture to complete the ID proofing process.
  6. If you provide valid information and documentation, the ID proofing succeeds, and the API updates the user profile in Okta.
  7. After the requested items are submitted, the application redirects you to a page notifying you that Evident is processing the request. Finally, you are sent to a page saying that Evident has verified your information.

    Note: EvidentID can tailor this form completion page with customized instructions. For security purposes, during sandbox testing, the application isn't redirected back to a localhost URL.

Confirmation of results

  1. To confirm the results of this sample test flow, open the Admin Console for your Okta org
  2. From the side navigation, click Directory > People.
  3. Check for the new user account using their first name, last name, or email.
  4. Confirm that the new user account exists. Click the link for the person to see their user profile page.
  5. Select the Profile tab, and confirm that there are values for the two user attributes for Evident:
    • Evident ID Verification - evidentid_verification: Verified
    • Evident ID Details - evidentid_verification_details: (null)
      • The details field has information only if there is a failure that Evident returns details about the failure.
  6. You can also check the dashboard of your Evident sandbox tenant. The main page of the dashboard shows you all the submitted requests made through the sample application. The user profile status is either Completed (for successes) or Pending (for failures that require manual intervention by Evident).

Related content

Evident - API Developer documentation

Support

If you need help or have an issue, post a question in the Okta Developer Forum or send an email to Evident using [email protected]

Functionality

Add this integration to enable authentication and provisioning capabilities.

Provisioning


Workflows

Add this application connector to your Okta Workflows, a no-code interface-driven platform for creating custom workflows using a library of integrated third-party applications and functions. Sequence action events together to automate identity-centric business processes.

Evident Connector actions
A wide range of connectors from different apps can be linked to create automated Workflows.

  • Custom API Action
Connector
Evident ID connector
Connector

Evident ID

Evident ID connector
Okta Verified
Okta Verified
The integration was either created by Okta or by Okta community users and then tested and verified by Okta.

Languages Supported

English

Functionality