Getting Started

Before you configure this feature, ensure you have the following:

1. Third-party Identity Verification Provider Subscription: You must have an active commercial relationship and license with a supported third-party Identity Verification provider. IAM supports identity verification with providers using OpenID Connect (OIDC) integration. You will need to obtain a license from a configured third-party identity verification provider (for example, Daon or CLEAR) before you can begin the identity verification provider configuration.
2. From your IDV provider, you will need the following credentials for configuration:
   1. Client ID
   2. Client Secret
   3. Discovery URL
3. Feature availability: Identity Verification and Identity Assurance features are available in the OCI IAM Premium domain type only. If you have a Free domain type, you must upgrade to the Premium domain type.
4. Admin Access: You need permissions to manage identity verification providers and domain policies.
5. User Prerequisites: Ensure your users are aware of the requirements for enrollment:
   1. A mobile device with a camera and the ability to install the IDV provider's application.
   2. A government-issued ID with NFC capabilities (for example, a modern passport).
   3. A computer with a webcam for facial biometric enrollment and verification.
   4. A passkey configured as an authentication factor, as it's a prerequisite for Identity Assurance.

To manage Identity Domain security settings and Identity Assurance policies, you must have one of the following grants:

1. Be a member of the Administrators group
2. Be granted the Identity Domain Administrator role or the Security Administrator role
3. Be a member of a group granted manage identity-domains permissions