Incode IDV with Okta: Passwordless Sign-in Experience

Prerequisites

  • Before starting, ensure you have followed the Incode Workforce IDV Setup Guide
  • A biometric factor deployed within Okta; in this example we are using Okta Fastpass.

Configure a passwordless sign-in experience with Okta Fastpass

  • Log in to your Okta Admin Console.
    • Create a group with the initial users you want to test with. In our example we will use a group we made in the previous instructions, named Incode Workforce Identity Verification.
    • Okta recommends keeping admins in a separate group for managing password access.
    • Navigate to Security from the left-side menu and select Authenticators
    • Edit and Enable Email to be used for Authentication and Recovery
  • Select Enrollment under Authenticators and edit or add a new enrollment policy tied to your passwordless group.
  • Add Email and Okta Verify as required
  • Add or edit a new Authentication Policy to allow only Okta Fastpass to sign into the Okta Dashboard app

  • Navigate to Security from the left-side menu and select Authentication Policies

    • We will create a new policy named A New Passwordless Policy
  • Set your Catch-all Rule to deny all requests and then add a new Rule

    • Rule Name: Name your rule, e.g. Workforce Passwordless
    • IF:
      • User's group membership includes: Your Group name - ex. (Incode Workforce Identity Verification)
    • THEN:

      • User must authenticate with: Possession factor
      • Enable Possession factor constraints if needed by your organization
      • In the Allowed Authenticators list ensure only Okta Verify - Fastpass is showing. You can also use Allow specific authentication methods if needed
  • Assign the Okta Dashboard app to the policy

  • Edit your Global Session Policy to not require a password
  • Navigate to Security from the left-side menu and select Global Session Policy
  • Edit your Global Session Policy rule so that Establish the user session with: is set to Any factor used to meet the Authentication Policy requirements
  • A new user can now sign into the Okta Verify app and enroll into Fastpass after successfully verifying their identity.
  • This can be tested by resetting a user's authenticators and selecting the remove password option from the user's profile
  • Log in to the Okta Verify app directly using your organization's domain.
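
A way to check the finished configuration against the steps above, as an added example that is not part of the Incode or Okta documentation: the script audits rule objects for a deny-all catch-all, a group-scoped rule limited to Okta Verify Fastpass, and a global session rule that no longer requires a password. The field names (`appSignOn`, `verificationMethod`, `signed_nonce`, `PASSWORD_IDP_ANY_FACTOR`) are assumptions based on the rule JSON of Okta's Policies API, and the sample data is constructed; compare them with an export from your own org before relying on the result.

```python
# Added example: offline audit of the passwordless settings described above.
# Field names follow an assumed reading of Okta's Policies API rule JSON;
# SAMPLE is constructed, not exported from a real org.
FASTPASS = {"key": "okta_verify", "method": "signed_nonce"}  # assumed Fastpass method id

SAMPLE = {
    "auth_policy_rules": [
        {"name": "Workforce Passwordless", "system": False,
         "conditions": {"people": {"groups": {"include": ["00gCONSTRUCTEDID"]}}},
         "actions": {"appSignOn": {"access": "ALLOW", "verificationMethod": {
             "factorMode": "1FA",
             "constraints": [{"possession": {"authenticationMethods": [FASTPASS]}}]}}}},
        {"name": "Catch-all Rule", "system": True,
         "actions": {"appSignOn": {"access": "DENY"}}},
    ],
    "global_session_rules": [
        {"name": "Default Rule",
         "actions": {"signon": {"primaryFactor": "PASSWORD_IDP_ANY_FACTOR"}}},
    ],
}

def audit(cfg):
    """Return a list of findings; an empty list means the settings match the guide."""
    findings = []
    for rule in cfg["auth_policy_rules"]:
        sign_on = rule["actions"]["appSignOn"]
        if rule.get("system"):  # the built-in catch-all rule
            if sign_on["access"] != "DENY":
                findings.append(f"{rule['name']}: catch-all must deny all requests")
            continue
        if sign_on["access"] != "ALLOW":
            continue
        groups = rule.get("conditions", {}).get("people", {}).get("groups", {}).get("include")
        if not groups:
            findings.append(f"{rule['name']}: not scoped to a group")
        constraints = sign_on.get("verificationMethod", {}).get("constraints", [])
        if not constraints:
            findings.append(f"{rule['name']}: no authenticator constraints")
        for c in constraints:
            methods = c.get("possession", {}).get("authenticationMethods", [])
            if "knowledge" in c or methods != [FASTPASS]:
                findings.append(f"{rule['name']}: allows more than Okta Verify Fastpass")
    for rule in cfg["global_session_rules"]:
        if rule["actions"]["signon"].get("primaryFactor") != "PASSWORD_IDP_ANY_FACTOR":
            findings.append(f"{rule['name']}: global session still requires a password")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "settings match the guide")
```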