Salesforce Identity

1Kosmos Achieves DoW IL4 Authorization to Secure Military Identities and Mission Access

Salesforce Identity

The Salesforce Identity integration weaves 1Kosmos proofing and biometric step-up into Salesforce login and business processes. It helps gate registration, sensitive data access, and high-risk actions with verified identity assurance.

Integration type

CRM

What we solve

Salesforce Identity and industry clouds often require stronger assurance for registration, login, and high-risk actions (financial changes, PHI access, high-value commerce), but native controls may not prove the user’s real-world identity. This integration weaves 1Kosmos identity proofing and biometric step-up into Salesforce login flows and business processes (OIDC provider, Apex callouts, and platform events) so sensitive operations are gated by verified identity and captured in an audit trail.

Integration architecture

Salesforce Identity integration operates through three mechanisms.

Mechanism A: Connected App with OIDC

1Kosmos is registered as an external authentication provider in Salesforce. Login Flows trigger identity proofing during registration or login.

Mechanism B: Apex callouts

Salesforce Apex code invokes 1Kosmos REST APIs to create proofing sessions, check results, and trigger step-up challenges from within Salesforce business processes.

// Apex: Trigger 1Kosmos proofing session from a Salesforce Flow
public class BlockIDVerifyService {

    @InvocableMethod(label='Create IDV Session' description='Triggers 1Kosmos identity verification')
    public static List<idvresult> createSession(List<idvrequest> requests) {
        List<idvresult> results = new List<idvresult>();

        for (IDVRequest req : requests) {
            HttpRequest httpReq = new HttpRequest();
            httpReq.setEndpoint('callout:BlockID_API/v1/verify/sessions');
            httpReq.setMethod('POST');
            httpReq.setHeader('Content-Type', 'application/json');
            httpReq.setBody(JSON.serialize(new Map<string, object="">{
                'document_types' => new List<string>{'drivers_license', 'passport'},
                'liveness_mode' => 'active',
                'callback_url' => req.callbackUrl,
                'metadata' => new Map<string, string="">{
                    'salesforce_user_id' => req.userId,
                    'salesforce_account_id' => req.accountId
                }
            }));

            Http http = new Http();
            HttpResponse resp = http.send(httpReq);
            Map<string, object=""> body = (Map<string, object="">) JSON.deserializeUntyped(resp.getBody());

            IDVResult result = new IDVResult();
            result.sessionId = (String) body.get('session_id');
            result.redirectUrl = (String) body.get('redirect_url');
            results.add(result);
        }
        return results;
    }

    @InvocableMethod(label='Request LiveID Step-Up')
    public static List<stepupresult> requestStepUp(List<stepuprequest> requests) {
        // Trigger LiveID biometric challenge for high-value actions
        // Implementation follows same pattern as createSession
    }
}</stepuprequest></stepupresult></string,></string,></string,></string></string,></idvresult></idvresult></idvrequest></idvresult>

// Apex: Trigger 1Kosmos proofing session from a Salesforce Flow
public class BlockIDVerifyService {

    @InvocableMethod(label='Create IDV Session' description='Triggers 1Kosmos identity verification')
    public static List<idvresult> createSession(List<idvrequest> requests) {
        List<idvresult> results = new List<idvresult>();

        for (IDVRequest req : requests) {
            HttpRequest httpReq = new HttpRequest();
            httpReq.setEndpoint('callout:BlockID_API/v1/verify/sessions');
            httpReq.setMethod('POST');
            httpReq.setHeader('Content-Type', 'application/json');
            httpReq.setBody(JSON.serialize(new Map<string, object="">{
                'document_types' => new List<string>{'drivers_license', 'passport'},
                'liveness_mode' => 'active',
                'callback_url' => req.callbackUrl,
                'metadata' => new Map<string, string="">{
                    'salesforce_user_id' => req.userId,
                    'salesforce_account_id' => req.accountId
                }
            }));

            Http http = new Http();
            HttpResponse resp = http.send(httpReq);
            Map<string, object=""> body = (Map<string, object="">) JSON.deserializeUntyped(resp.getBody());

            IDVResult result = new IDVResult();
            result.sessionId = (String) body.get('session_id');
            result.redirectUrl = (String) body.get('redirect_url');
            results.add(result);
        }
        return results;
    }

    @InvocableMethod(label='Request LiveID Step-Up')
    public static List<stepupresult> requestStepUp(List<stepuprequest> requests) {
        // Trigger LiveID biometric challenge for high-value actions
        // Implementation follows same pattern as createSession
    }
}</stepuprequest></stepupresult></string,></string,></string,></string></string,></idvresult></idvresult></idvrequest></idvresult>

// Apex: Trigger 1Kosmos proofing session from a Salesforce Flow
public class BlockIDVerifyService {

    @InvocableMethod(label='Create IDV Session' description='Triggers 1Kosmos identity verification')
    public static List<idvresult> createSession(List<idvrequest> requests) {
        List<idvresult> results = new List<idvresult>();

        for (IDVRequest req : requests) {
            HttpRequest httpReq = new HttpRequest();
            httpReq.setEndpoint('callout:BlockID_API/v1/verify/sessions');
            httpReq.setMethod('POST');
            httpReq.setHeader('Content-Type', 'application/json');
            httpReq.setBody(JSON.serialize(new Map<string, object="">{
                'document_types' => new List<string>{'drivers_license', 'passport'},
                'liveness_mode' => 'active',
                'callback_url' => req.callbackUrl,
                'metadata' => new Map<string, string="">{
                    'salesforce_user_id' => req.userId,
                    'salesforce_account_id' => req.accountId
                }
            }));

            Http http = new Http();
            HttpResponse resp = http.send(httpReq);
            Map<string, object=""> body = (Map<string, object="">) JSON.deserializeUntyped(resp.getBody());

            IDVResult result = new IDVResult();
            result.sessionId = (String) body.get('session_id');
            result.redirectUrl = (String) body.get('redirect_url');
            results.add(result);
        }
        return results;
    }

    @InvocableMethod(label='Request LiveID Step-Up')
    public static List<stepupresult> requestStepUp(List<stepuprequest> requests) {
        // Trigger LiveID biometric challenge for high-value actions
        // Implementation follows same pattern as createSession
    }
}</stepuprequest></stepupresult></string,></string,></string,></string></string,></idvresult></idvresult></idvrequest></idvresult>

Mechanism C: Platform Events

1Kosmos publishes verification results to a Salesforce Platform Event channel, enabling real-time consumption by Salesforce Flows and Lightning components.

Step-up verification flow

Salesforce Financial Services Cloud and Health Cloud customers require step-up verification for high-value operations.

Step-up use cases within Salesforce:

Financial Services Cloud: Policy changes, claims approvals, large fund transfers, account beneficiary changes. A Salesforce Flow evaluates the transaction amount against a threshold and conditionally invokes the 1Kosmos LiveID step-up via Apex callout.
Health Cloud: Prescription authorization, patient record access by non-primary providers, insurance pre-authorization overrides. HIPAA-regulated step-up before accessing or modifying Protected Health Information (PHI).
Commerce Cloud: High-value e-commerce transactions, loyalty point redemptions above a threshold, account takeover prevention during checkout.
Audit trail: The biometric result is recorded as an Activity on the relevant Salesforce object (Opportunity, Case, Account) for compliance and audit purposes.

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales