Integration architecture
Mechanism A: Screen-Sets extensions
SAP CDC's registration and login Screen-Sets include a 1Kosmos verification step via JavaScript SDK embedding. The 1Kosmos JavaScript SDK renders the proofing UI within the SAP CDC registration flow, capturing document scans and biometric selfies without leaving the SAP-branded experience.
Mechanism B: OIDC federation
1Kosmos serves as a federated provider within SAP CDC's social/enterprise login configuration. The OIDC configuration follows the same pattern as other platforms: authorize with /assurance/ial/2 scope, receive id_token with IAL2 claims on callback.
Mechanism C: Extensions (webhooks)
SAP CDC's onBeforeSetAccountInfo and onBeforeAccountsLogin extensions trigger 1Kosmos API calls to validate identity before account creation or login completion.
function onBeforeSetAccountInfo(params) {
if (!params.data?.idv_status || params.data.idv_status !== 'verified') {
var response = httpClient.post(
'https://{blockid-tenant}.1kosmos.net/v1/verify/sessions/' +
params.data.idv_session_id + '/status',
{ headers: { 'Authorization': 'Bearer ' + secrets.BLOCKID_API_KEY } }
);
var result = JSON.parse(response.body);
if (result.status === 'completed' && result.result.ial_level === 'IAL2') {
params.data.idv_status = 'verified';
params.data.ial_level = 'IAL2';
params.data.proofing_timestamp = new Date().toISOString();
} else {
return { errorCode: 403005, errorMessage: 'Identity verification required' };
}
}
return params;
}
function onBeforeSetAccountInfo(params) {
if (!params.data?.idv_status || params.data.idv_status !== 'verified') {
var response = httpClient.post(
'https://{blockid-tenant}.1kosmos.net/v1/verify/sessions/' +
params.data.idv_session_id + '/status',
{ headers: { 'Authorization': 'Bearer ' + secrets.BLOCKID_API_KEY } }
);
var result = JSON.parse(response.body);
if (result.status === 'completed' && result.result.ial_level === 'IAL2') {
params.data.idv_status = 'verified';
params.data.ial_level = 'IAL2';
params.data.proofing_timestamp = new Date().toISOString();
} else {
return { errorCode: 403005, errorMessage: 'Identity verification required' };
}
}
return params;
}
function onBeforeSetAccountInfo(params) {
if (!params.data?.idv_status || params.data.idv_status !== 'verified') {
var response = httpClient.post(
'https://{blockid-tenant}.1kosmos.net/v1/verify/sessions/' +
params.data.idv_session_id + '/status',
{ headers: { 'Authorization': 'Bearer ' + secrets.BLOCKID_API_KEY } }
);
var result = JSON.parse(response.body);
if (result.status === 'completed' && result.result.ial_level === 'IAL2') {
params.data.idv_status = 'verified';
params.data.ial_level = 'IAL2';
params.data.proofing_timestamp = new Date().toISOString();
} else {
return { errorCode: 403005, errorMessage: 'Identity verification required' };
}
}
return params;
}Step-up verification flow
SAP CDC integrates with SAP Commerce Cloud, S/4HANA, and SuccessFactors. Step-up verification applies across the SAP application portfolio.
Step-up use cases within SAP ecosystem:
Commerce Cloud: B2C e-commerce transactions above a configurable value threshold trigger LiveID before order confirmation
SuccessFactors: HR onboarding document submission, payroll changes, benefits enrollment require biometric verification
Ariba: Supplier portal access for high-value procurement actions, contract signing
S/4HANA: Financial posting approvals, vendor master data changes
