Creating a verify policy
A verify policy dictates what is required to verify a user, such as an ID verification, facial comparison, or liveness.
About this task
A verify policy allows you to create PingOne Verify transactions for different scenarios, such as:
- Choosing documents for verification during employee onboarding
- Selfie liveness and comparison during multi-factor authentication (MFA) in PingID using PingOne Verify
- Selfie match against the Aadhaar registry data for verification when an Indian Aadhaar ID is detected
Steps
- In the PingOne admin console, go to Identity Verification > Verify Policies.
  A default verify policy based on your environment capabilities is listed.
- Click the icon.
- Enter or edit the following:
Policy configuration (each field name is followed by its description)
Name
The policy’s name.
Description
The policy’s description.
Configuration
Transaction Timeout: Time period (in minutes) in which data can be collected after a transaction is created. The maximum transaction timeout is 30 minutes.
Data Collection Timeout: Time period (in minutes) in which data can be collected after initiating verification from the UI. By default, the data collection timeout is set to 15 minutes. The maximum data collection timeout is 30 minutes.
Data Collection Only: Click the toggle to enable data collection from a user without verification.
Government ID
Verification based on government-issued documents, for example, a driver’s license or a passport.
Configure the following policy settings:
- ID Verification: Select Required, Optional, or Disabled.
- Document Authentication Provider: The provider used to authenticate government documents. Select Mitek (default) or Veriff.
- Inspection Type: Select the type of inspection performed on government-issued documents:
  - Automatic: AI-based analytics examine the ID document to determine if it’s original and unaltered.
  - Manual: A human agent trained in document authentication examines the photo of the ID to determine its authenticity.
  - Step-Up to Manual: Automated inspection is tried first. If the document cannot be verified, the service switches to manual inspection.
  Manual and Step-Up to Manual inspection types require an additional license.
- Government ID Retry Attempts: The number of times a user can retry scanning an ID if the first attempt fails. Possible values for government ID retry attempts are 0 to 3.
- Enable AAMVA: Click the toggle to enable verification of ID information against the issuing agency database, the AAMVA Driver’s License Data Verification (DLDV) service.
- Fail Expired IDs: Click the toggle to fail verification for expired IDs.
- Enable Aadhaar Verification (India): Click the toggle to enable user verification through the Aadhaar registry.
- OTP Attempts: The number of attempts a user has to enter the correct one-time passcode (OTP) that’s sent to the phone number associated with their Aadhaar ID for verification.
- Cooldown Duration (Seconds): A waiting period enforced after an OTP is sent to a user before they can request another one.
Facial Comparison
A live photo (selfie) compared with government ID documents or a reference selfie for verification.
Configure the following policy settings:
- Facial Comparison: Select Required, Optional, or Disabled.
- Threshold: The probability that selfies are likely to match with document images (facial comparison) or pass liveness checks (liveness). Select Low, Medium, or High threshold.
  Selfies are less likely to match or pass with a higher threshold.
Liveness
A liveness check on the live photo (selfie) for verification.
Configure the following policy settings:
- Liveness: Select Required, Optional, or Disabled.
- Threshold: The probability that selfies are likely to match with document images (facial comparison) or pass liveness checks (liveness). Select Low, Medium, or High threshold.
  Selfies are less likely to match or pass with a higher threshold.
- Selfie Retry Attempts: The number of times a user can retake a selfie if the first attempt fails. Possible values for selfie retry attempts are 0 to 3.
Voice Verification
Verification using voice samples of the end user. There are two types of voice verification policies: enrollment and verification.
You must configure a separate enrollment policy and verification policy.
Configure the following policy settings:
- Voice Verification: Select Required, Optional, or Disabled.
- Enrollment: Click the toggle to enable an enrollment policy. Disable for a verification policy.
- Samples Required: The number of voice samples the user must record for enrollment.
- Voice Phrase: Phrase the user repeats for enrollment or verification.
  You can configure custom phrases with the API. Learn more in Create Custom Voice Phrase in the PingOne developer documentation.
- Comparison Threshold: Voice samples are less likely to match with the voice template at higher thresholds.
- Liveness Threshold: Voice samples are less likely to pass liveness testing at higher thresholds.
- Store Original Recordings: Click the toggle to enable storing the original voice sample after a successful transaction.
- Enhance Reference On Re-Enrollment: Click the toggle to enhance the existing voice reference on re-enrollment. If disabled, the voice reference is replaced instead of enhanced with additional data.
- Enhance Reference on Verification: Click the toggle to enable improving the existing voice reference by adding a new template.
  You can only enable or disable Enhance Reference on Verification if Enrollment is enabled.
Phone
Phone Verification: Select Required, Optional, or Disabled.
Create MFA Device: Click the toggle to enable registration of a user’s phone number as a trusted MFA device after successful OTP or web link verification.
Email
Email Verification: Select Required, Optional, or Disabled.
Create MFA Device: Click the toggle to enable registration of a user’s email address as a trusted MFA device after successful OTP or web link verification.
Example:
An example configuration on the Add Policy page.
- Click Save.
Result:
Your new policy is shown on the Verify Policies page.
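
One way to review a drafted policy against the limits and dependencies stated on this page before saving it, as an added example that is not PingOne code. The dictionary keys are hypothetical labels that mirror the console fields, not the PingOne API schema, and both sample policies are constructed.

```python
# Added example. Keys are hypothetical labels mirroring the console fields on
# this page; they are not the PingOne API schema.
MODES = {"Required", "Optional", "Disabled"}
THRESHOLDS = {"Low", "Medium", "High"}
LICENSED_INSPECTION = {"Manual", "Step-Up to Manual"}
MODE_KEYS = ("id_verification", "facial_comparison", "liveness",
             "voice_verification", "phone_verification", "email_verification")


def lint_policy(policy, has_manual_license=False):
    """Return a list of findings for one policy dict; empty means clean."""
    findings = []
    for key in ("transaction_timeout", "data_collection_timeout"):
        if policy.get(key, 0) > 30:  # values are in minutes
            findings.append(f"{key}: maximum is 30 minutes")
    for key in ("government_id_retry_attempts", "selfie_retry_attempts"):
        if policy.get(key, 0) not in range(0, 4):
            findings.append(f"{key}: possible values are 0 to 3")
    for key in MODE_KEYS:
        if key in policy and policy[key] not in MODES:
            findings.append(f"{key}: select Required, Optional, or Disabled")
    for key in ("facial_comparison_threshold", "liveness_threshold"):
        if key in policy and policy[key] not in THRESHOLDS:
            findings.append(f"{key}: select Low, Medium, or High")
    if policy.get("inspection_type") in LICENSED_INSPECTION and not has_manual_license:
        findings.append("inspection_type: requires an additional license")
    # Per the page, this toggle can only be changed when Enrollment is enabled.
    if "enhance_reference_on_verification" in policy and not policy.get("enrollment"):
        findings.append("enhance_reference_on_verification: needs enrollment enabled")
    # Not an error, but a reviewer should see it: nothing is verified.
    if policy.get("data_collection_only"):
        findings.append("data_collection_only: data is collected without verification")
    return findings


# Constructed sample policies.
ONBOARDING = {"transaction_timeout": 30, "data_collection_timeout": 15,
              "id_verification": "Required", "inspection_type": "Automatic",
              "government_id_retry_attempts": 2, "facial_comparison": "Required",
              "facial_comparison_threshold": "High", "liveness": "Required",
              "liveness_threshold": "Medium", "selfie_retry_attempts": 1}
DRAFT = {"transaction_timeout": 45, "government_id_retry_attempts": 5,
         "id_verification": "Required", "inspection_type": "Manual",
         "liveness": "Enabled", "enrollment": False,
         "enhance_reference_on_verification": True, "data_collection_only": True}

if __name__ == "__main__":
    for name, pol in (("ONBOARDING", ONBOARDING), ("DRAFT", DRAFT)):
        print(name, lint_policy(pol) or "clean")
```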