The Okta BYO IDV integration embeds 1Kosmos identity verification into Okta account management policies, triggering biometric and document checks during high-risk actions like password recovery.
Integration type
Auth/IDP
Overview
1Kosmos integrates with Okta as a custom identity verification provider through Okta's Bring Your Own IDV capability. Administrators can trigger government ID and biometric verification during high-risk account actions like password recovery or authenticator enrollment. The integration uses OIDC with PAR, sending verification results back to Okta for policy evaluation without users leaving Okta.
What we solve
High-risk account actions—like password recovery and authenticator enrollment—are prime targets for social engineering, and standard IAM controls may not prove the user’s real-world identity. This Okta BYO IDV integration triggers 1Kosmos document and biometric verification inside Okta policies so organizations can require proof of identity at the moments that matter most.
This integration is separate from the standard Okta SSO integration. It does not replace authentication; it adds verified identity proofing as a policy-enforced step within Okta's account management layer. Organizations can configure multiple IDV vendors in parallel and route users to different vendors by group or region.
Prerequisites
Active 1Kosmos tenant with IDV enabled: Contact your 1Kosmos representative to confirm IDV is active and that an OIDC application has been created for the Okta BYO IDV integration.
Okta Identity Engine (OIE): BYO IDV requires Okta Identity Engine. Classic Engine does not support this feature.
Okta MFA or Adaptive MFA license: Required to configure identity verification in Account Management Policies.
Okta administrator access: Rights to manage Identity Providers and Account Management Policies in the Okta Admin Console.
Integration Overview
For specific technical instructions, refer to the product documentation: Integrate 1Kosmos as an Identity Provider in Okta.
Step 1: Create an Identity Verification Workflow in 1Kosmos
For this integration, create an identity verification workflow in 1Kosmos. This workflow is what end users will go through to verify their identity.
Step 2: Create an OIDC application in AdminX for Okta
In AdminX, create an OIDC Client that will be the connector to Okta.
Step 3: Add 1Kosmos as a custom IDV provider in Okta
Configure 1Kosmos as an IDV provider in Okta.
Step 4: Configure the Okta Account Management Policy
After adding 1Kosmos as an IDV provider in Okta, configure the account management policy. 1Kosmos identity verification can be added as a prerequisite for account enrollment, account recovery, MFA enrollment, and more.
Step 5: Test the integration
Once the integration is set up, test the flow.
Integration notes
The BYO IDV integration only covers Okta Account Management Policy actions (password recovery, authenticator enrollment, account unlock). It does not apply to standard App Sign-in policies; those require a separate Okta integration type.
Organizations requiring IDV for app sign-in should contact 1Kosmos to discuss the appropriate integration path.
Okta passes the user's First Name and Last Name attributes from Universal Directory to 1Kosmos as part of the PAR request. Optional fuzzy matching can be configured if document names may not exactly match directory values.
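The name-matching note above, as an added example that is not 1Kosmos or Okta code: a sketch of comparing the directory's first and last name with the names read from a document, strictly and with fuzzy matching. The page does not describe how the product's fuzzy matching works, so the normalization rules, the 0.85 threshold, the function names and the sample names are all assumptions.

```python
import unicodedata
from difflib import SequenceMatcher


def normalize(name):
    """Strip diacritics, casefold, and turn punctuation into single spaces."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.casefold())
    return " ".join(cleaned.split())


def field_score(directory_value, document_value, allow_extra_tokens=False):
    """Similarity in [0, 1] between a directory field and a document field."""
    a, b = normalize(directory_value), normalize(document_value)
    if not a or not b:
        return 0.0  # a missing name never counts as a match
    if a == b:
        return 1.0
    # IDs often print middle names the directory omits; accept only when the
    # directory value is the leading token(s) of the document value.
    a_tok, b_tok = a.split(), b.split()
    if allow_extra_tokens and b_tok[:len(a_tok)] == a_tok:
        return 1.0
    return SequenceMatcher(None, a, b).ratio()


def names_match(directory, document, threshold=1.0):
    """Compare (first, last) pairs; both fields must reach the threshold.

    threshold=1.0 means exact match after normalization (fuzzy matching off).
    """
    (dir_first, dir_last), (doc_first, doc_last) = directory, document
    scores = (
        field_score(dir_first, doc_first, allow_extra_tokens=True),
        field_score(dir_last, doc_last),  # surnames get no token leniency
    )
    return all(s >= threshold for s in scores), scores


if __name__ == "__main__":
    # Constructed sample pairs: (directory name, name read from document).
    samples = [
        (("José", "Núñez-Ortiz"), ("JOSE", "NUNEZ ORTIZ")),
        (("Katherine", "Smith"), ("Catherine", "Smith")),
        (("John", "Smith"), ("Jane", "Smith")),
    ]
    for directory, document in samples:
        print(directory, document, names_match(directory, document, 0.85))
```

A looser threshold reduces false rejections from spelling variants but widens the set of different people whose documents would pass, so test any chosen value against near-identical names in your own directory.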

