Why do we need to verify identity?
Before employees can access company resources, they need to prove their identity so that credentials can be created. Therefore, identity verification is all about establishing that an applicant is who they claim to be. Once identity is verified, the system creates a record for the user and issues an authenticator - password, PIN, certificate, etc. - so that when the user returns, she can present that authenticator to access the system.
Today, when organizations onboard employees, they rely on very basic methods, such as sending the initial username and password over email, or printing credentials on a piece of paper and mailing them to newly hired employees. In that model, the ability to access your personal email or your home mailbox is what ensures that you are the intended recipient.
idemeum supports granular identity verification for employee onboarding. Admins can choose to verify identity by verifying a personal email address, a phone number, or a government-issued ID document. Any combination of the three can be used to verify the identity of a new employee against the company HRMS.
How identity verification works
Identity proofing is always done at a certain "Identity Assurance Level (IAL)". The National Institute of Standards and Technology (NIST) sets requirements for each of the 3 levels, based on the required security level and assumed risk.
- Identity Assurance Level 1 (IAL1): There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the authentication process are self-asserted or should be treated as such.
- Identity Assurance Level 2 (IAL2): Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing.
- Identity Assurance Level 3 (IAL3): Physical presence is required for identity proofing. Identifying attributes must be verified by an authorized and trained representative.
The process of identity verification proceeds in 3 phases. First, the document and additional context are collected. Second, the supplied information is validated to make sure the documents are valid, not expired, not forged, etc. Finally, the identity is verified by matching the document with the photo supplied by the subject. At this phase, liveness detection is typically performed to make sure the system is interfacing with a physically present human being and not an inanimate spoof artifact.
idemeum offers an option to verify identity with a personal email address. A secure one-time code is sent to prove email ownership. Once the email is verified, it can be used to look up the user's identity in the HRMS and onboard the employee into an organization.
idemeum offers an option to verify identity using a phone number. We send an SMS to the employee's phone number to verify ownership. The verified phone number can then be used to look up the employee record in the HRMS and onboard the employee into an organization.
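The one-time-code flow described above for email (the SMS flow has the same shape), as an added Python example that is not idemeum's code. The 6-digit code, 10-minute lifetime, five-attempt limit, in-memory store and the sample HRMS record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed validity window for a code
MAX_ATTEMPTS = 5        # assumed limit on guesses per issued code

# Constructed HRMS records keyed by personal email (sample data, not real).
HRMS = {"dana@example.org": {"employee_id": "E-1001", "name": "Dana Smith"}}

_pending = {}  # email -> {"digest": bytes, "expires": float, "attempts": int}


def _digest(code):
    # Keep only a hash of the code so the store never holds it in the clear.
    return hashlib.sha256(code.encode()).digest()


def issue_code(email, now=None):
    """Create a one-time code; the caller delivers it to the address."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded to 6 digits
    _pending[email.lower()] = {
        "digest": _digest(code),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_and_lookup(email, code, now=None):
    """Return the HRMS record if the code proves ownership, else None."""
    now = time.time() if now is None else now
    key = email.lower()
    entry = _pending.get(key)
    if entry is None:
        return None
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[key]  # expired or guessed too often: require a new code
        return None
    entry["attempts"] += 1
    if not hmac.compare_digest(entry["digest"], _digest(code)):
        return None
    del _pending[key]      # single use: a verified code cannot be replayed
    return HRMS.get(key)   # None when no employee record matches the email
```

A verified address with no matching HRMS record returns None as well, so proving ownership of an arbitrary mailbox does not by itself onboard anyone.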
ID document verification
idemeum also supports ID document verification in accordance with NIST Identity Assurance Level 2 (IAL2) recommendations. With the idemeum mobile app, users take a photo of a document (driver's license or passport) and do a face scan to perform liveness detection. idemeum then performs document validation and matches the liveness detection scan with the photo on the document. If successful, the document is verified and stored on the mobile device. The verified name can then be used to look the user up in the HRMS and onboard them into an organization.