Overview

Before employees can access any company resources, they need to prove their identity. Therefore, identity verification is all about establishing that an employee is who she claims to be.

idemeum offers built-in identity verification right from the mobile app, and it removes the need to use passwords. Admins can choose to verify identity of new hires using email address, phone number, or government issued ID document.

User experience

Employees can verify an email address. Secure one-time code will be sent to prove email ownership.

Recover identity

Employees can verify their cell phone number. We will send an SMS to employee phone number to verify ownership.

Recover identity

idemeum also supports ID document verification in accordance with IAL level 2 NIST recommendations. With idemeum mobile app users take a photo of document (driver's license or passport) and do a face scan to perform liveness detection. Then idemeum performs document validation and matches liveness detection scan with the photo on the document. If successful, document is verified and stored on the mobile device.

Recover identity

How it works behind the scenes

Let's say an employee verifies a personal email address in idemeum app. This personal email address will be used to onboard an employee into an organization. What idemeum will need to do is to map this personal email address to a corporate email address assigned to this employee. This can be done in two ways:

1. Manual mapping by creating a user record

Admins can manually create a user record in idemeum and map personal claim to company email address.

2. Automated mapping using external user source

idemeum can connect to an external user source, such as an HR system, or payroll provider, to search for the user by personal claim and convert that to a company email address. 

Here is a quick diagram of how identity verification can work with HR system.

  1. IT admin / HR team sends a new employee a welcome email that among other things invites employee to enroll into passwordless experience to access all company resources.
  2. Employee downloads idemeum app and goes through a 2 min set up process: enable biometrics, verify email address, phone number, or ID document. Information required to verify identity is configurable by company admin. Some companies might choose to only require employee to verify phone number. Some companies might be more strict and require remote ID document verification.
  3. Employee navigates to company application portal and scans idemeum QR code. Login will need to be approved with biometrics.
  4. Upon approval, information from mobile device is used to search for employee record in company HR system (HRMS) or idemeum cloud directory. Employee record can be searched by email address, phone number, or first name / last name.
  5. If the employee record is found, employee is onboarded, assigned corporate email address, and granted access to all necessary company applications, including SaaS applications, VPN access, and more.

Let us know if you have any question in the chat window at the bottom right.