# Okta Integration with VerifEye

This guide walks you through setting up VerifEye as a generic OpenID Connect (OIDC) provider in Okta, enabling you to use VerifEye's biometric verification as an authentication factor in your Okta-managed applications.


# Prerequisites

Before configuring Okta, ensure you have:

  • Admin access to your Okta organization
  • A VerifEye account and API key, and a verification configuration set up for OIDC integration (see below)
  • An understanding of the OpenID Connect flow

# Configuring the VerifEye Verification

To integrate VerifEye with Okta, you need to create a VerifEye verification configuration that will be used as the OIDC provider.

Create the new verification configuration in the VerifEye Developer Console under Verification Configurations, using the settings described in the steps below. Make sure to note the configuration ID and API key, as you will need these for the Okta setup.

# 1. Basic Settings

When creating the verification configuration, set the following basic settings:

| Field | Value |
| --- | --- |
| Name | Okta OIDC Verification |
| Passed URL | Set to the OpenID Connect endpoint for your VerifEye region, for example for the EU region: https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result |
| Failed URL | Set to the OpenID Connect endpoint for your VerifEye region, for example for the EU region: https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result |

# 2. Verifier Configuration

For the OIDC integration, you must configure the verification configuration to include the following settings:

  • Face Recognition
    • Unique Match Verification: one person can be registered only once in the system. If the same person tries to register again with a different identifier (email address), the verification will fail.
    • Match Verification: one person can be registered multiple times in the system. If the same person tries to register again with a different identifier (email address), the verification will pass.

Additionally, you can configure other settings such as liveness detection, age, or gender verification.

# 3. Advanced Settings

For the OIDC integration, you must also configure the following advanced settings:

  • Include Signature: enabled
  • Include Verification Result: enabled
  • Include Custom Input Parameters: enabled
  • Force Signed Input: enabled

# Adding VerifEye as Generic OIDC Provider

# 1. Create New Identity Provider

  1. Navigate to Security > Identity Providers in your Okta Admin Console
  2. Click Add Identity Provider
  3. Select Add OpenID Connect IdP

# 2. Configure Provider Settings

Configure the following basic settings:

| Field | Value |
| --- | --- |
| Name | VerifEye OIDC |
| Client ID | Your VerifEye verification configuration ID. It is the last segment of your verification URL: for example, if your verification URL is https://verifeye-service-eu.realeyes.ai/verification/e4fc930b-d780-47e3-ae4c-0d5d2f22e54e, the ID is e4fc930b-d780-47e3-ae4c-0d5d2f22e54e |
| Client Secret | Your VerifEye API key, which can be found in the VerifEye Console under Settings > Account Information |
| Scopes | openid email |
| IdP Usage | Factor only |

# 3. Configure the Endpoints

Set the OpenID Connect endpoints depending on your VerifEye region, for example for the EU region:

| Field | Value |
| --- | --- |
| Issuer URL | https://verifeye-oidc-eu.realeyes.ai |
| Authorization URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/authorize |
| Token URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/token |
| JWKS URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/jwks |
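
A pre-flight check for the values entered above, as an added example that is not part of VerifEye's or Okta's tooling: it extracts the Client ID from a verification URL and confirms that the issuer, the three OIDC endpoints, and the Passed/Failed URLs all use HTTPS and point at the same regional host. The function names and dictionary keys are hypothetical, and the check assumes other regions use the same paths as the EU example and differ only in host name.

```python
import re
from urllib.parse import urlparse

UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Endpoint paths exactly as listed in this guide (assumed identical in every region).
EXPECTED_PATHS = {
    "authorization_url": "/v1/openid/authorize",
    "token_url": "/v1/openid/token",
    "jwks_url": "/v1/openid/jwks",
    "passed_url": "/v1/openid/verify-result",
    "failed_url": "/v1/openid/verify-result",
}

def client_id_from_verification_url(url):
    """Return the configuration ID (last path segment) for the Okta Client ID field."""
    candidate = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1].lower()
    if not UUID_RE.fullmatch(candidate):
        raise ValueError(f"no configuration ID at the end of {url!r}")
    return candidate

def check_settings(settings):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = urlparse(settings["issuer_url"])
    if issuer.scheme != "https" or not issuer.hostname:
        problems.append("issuer_url: must be an https URL")
    for field, path in EXPECTED_PATHS.items():
        url = urlparse(settings[field])
        if url.scheme != "https":
            problems.append(f"{field}: not https")
        if url.hostname != issuer.hostname:
            problems.append(f"{field}: host differs from issuer (mixed regions?)")
        if url.path != path:
            problems.append(f"{field}: expected path {path}")
    return problems

# The EU values from this guide; replace them with the values for your region.
EU_SETTINGS = {
    "issuer_url": "https://verifeye-oidc-eu.realeyes.ai",
    "authorization_url": "https://verifeye-oidc-eu.realeyes.ai/v1/openid/authorize",
    "token_url": "https://verifeye-oidc-eu.realeyes.ai/v1/openid/token",
    "jwks_url": "https://verifeye-oidc-eu.realeyes.ai/v1/openid/jwks",
    "passed_url": "https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result",
    "failed_url": "https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result",
}

if __name__ == "__main__":
    print(check_settings(EU_SETTINGS) or "settings are consistent")
```
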



# Required Additional Settings

After creating the OIDC provider, you must configure additional authentication settings:

# 1. Set Up an IdP Authenticator

  • Create a new authenticator that uses the VerifEye OIDC provider

# 2. Create or Update your App sign-on Policies

  • Define your rules for when the VerifEye authentication should be triggered in your authentication policies

# Additional Resources

For detailed configuration options and advanced settings, refer to the official Okta documentation: