iProov Authentication node

The iProov Authentication node integrates PingOne Advanced Identity Cloud authentication journeys with the iProov Genuine Presence Assurance and Liveness Assurance products from iProov.

iProov is a trusted provider of biometric face verification and authentication solutions that are fully optimized for usability, security, and privacy. Organizations rely on iProov’s defenses against evolving biometric threats while delivering an intuitive user experience.

Availability

Product	Available?
PingOne Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Available?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node requires the username in the incoming node state. Implement a Platform Username node before this node in the journey.

Dependencies

To use your iProov verification in your Advanced Identity Cloud authentication journey, you must have an active iProov tenant instance with a configured service provider. Contact your iProov sales representative for more information.

Set up the iProov tenant

To create a service provider in your iProov tenant instance:

Log into your iProov tenant instance.
Go to Service provider > Create new service provider.
1. Enter a name and select a suitable Service Location.
2. Select the Production, Development, or Testing environment in which you want to use the service provider.
3. Then click Create.
Note of the following provider details:
1. Service Location
2. API Key.
3. Primary API Secret.
4. OAuth Username.
5. Primary OAuth Password.
Contact your iProv representative to ensure that Liveness, GPA, and On Validate Return Frame are enabled.

The Validate Return Frame enables the REST API to retrun the photo. The returned photo is an output to the shared node state by the iProov Authentication node.
Liveness and GPA need to be enabled to choose the Assurance Type.
Contact your iProov Representative to enable these parameters.

Configuration

The configurable properties for this node are:

Property Usage

Property	Usage
iProov Tenant	The hostname of your iProov tenant, either `us.rp.secure.iproov.me` or `eu.rp.secure.iproov.me`.
iProov Base URL	The iProov URL context that contains the version of the REST API, which is `/api/v2`.
iProov API Key	The API key you obtained from iProov.
iProov API Secret	The API secret from iProov.
iProov OAuth Username	The username of the OAuth user on iProov.
iProov OAuth Password	The password of the user on iProov.
iProov Assurance Type	The type of API assurance on iProov: `GPA`: Generic Presence Assurance `LA`: Liveness Assurance Default: `GPA`.
iProov Authentication Type	The type of authentication. It can be one of: `Enrol` - for enrolling the user into iProov. `Verify` - for verifying the user’s liveness. `Combined` - for enrollment if the user is not enrolled, otherwise verify the user’s liveness. Default: `Enrol`.
User Unique ID Attribute	The unique ID of the user enrolled with iProov. This attribute must exist in the user’s AM profile in the identity repository.
User Search Attributes	An alternative attribute that contains the username value, and is used to search a user in the underlying identity store.
ForgeRock UI	A boolean attribute for determining how the iProovWeb SDK is rendered to the user. When set to `true`, you can view the iProovWebSDK on the Advanced Identity Cloud admin UI. When set to `false`, you can view the iProovWebSDK by going to Native Consoles > Access Management. Default: `true`.
iProov Version	The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0.
Title Text Color	Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the Custom Title attribute for more information.
Surround Color	Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a `clear` or `blur` filter.
Prompt Text Color	Adjusts the color of the text visible in the central prompt of the screen.
Prompt Background Color	Adjusts the color of the background in the central prompt of the screen.
Header Background Color	Adjusts the color of the background in the top bar of the application, transparent by default.
Custom Title	The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string ("").
Assets URL	Critical dependencies are loaded from the content delivery network (CDN) at `cdn.iproov.app`. In a production environment, set this property to your CDN, for example: https://cdn.iproov.app/myassets.
Logo	A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don’t specify a logo, the iProov logo is displayed. Set to `null` if you don’t want a logo to be displayed.
Network Timeout	Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Advanced Identity Cloud returns an error with the feedback code `error_network`. Default: 20 (seconds).
iProov Camera Filter	Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses. + Default: shaded.
Prompt Rounded Corners	The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to `false`.
Debug	By default, log messages at level `info` or lower are hidden. They can be displayed on the console by setting Debug to `true`. Log messages at the `warning` and `error` levels are always displayed on the console.
Slots	Customize the markup styling and automatically inherit your application’s styles by using the Slots attribute.
Aria Live	Control the priority of messages being read out by the screen reader. Refer to ARIA live regions in Mozilla documentation for more information on ARIA live. By default, this is set to `assertive` to indicate time-sensitive or critical notifications that require the user’s immediate attention. This can be disabled by setting it to `off` or `polite`.

iProov Tenant

The hostname of your iProov tenant, either us.rp.secure.iproov.me or eu.rp.secure.iproov.me.

iProov Base URL

The iProov URL context that contains the version of the REST API, which is /api/v2.

iProov API Key

The API key you obtained from iProov.

iProov API Secret

The API secret from iProov.

iProov OAuth Username

The username of the OAuth user on iProov.

iProov OAuth Password

The password of the user on iProov.

iProov Assurance Type

The type of API assurance on iProov:

GPA: Generic Presence Assurance
LA: Liveness Assurance

Default: GPA.

iProov Authentication Type

The type of authentication. It can be one of:

Enrol - for enrolling the user into iProov.
Verify - for verifying the user’s liveness.
Combined - for enrollment if the user is not enrolled, otherwise verify the user’s liveness.

Default: Enrol.

User Unique ID Attribute

The unique ID of the user enrolled with iProov. This attribute must exist in the user’s AM profile in the identity repository.

User Search Attributes

An alternative attribute that contains the username value, and is used to search a user in the underlying identity store.

ForgeRock UI

A boolean attribute for determining how the iProovWeb SDK is rendered to the user.

When set to true, you can view the iProovWebSDK on the Advanced Identity Cloud admin UI.
When set to false, you can view the iProovWebSDK by going to Native Consoles > Access Management.

Default: true.

iProov Version

The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0.

Title Text Color

Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the Custom Title attribute for more information.

Surround Color

Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a clear or blur filter.

Prompt Text Color

Adjusts the color of the text visible in the central prompt of the screen.

Prompt Background Color

Adjusts the color of the background in the central prompt of the screen.

Header Background Color

Adjusts the color of the background in the top bar of the application, transparent by default.

Custom Title

The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string ("").

Assets URL

Critical dependencies are loaded from the content delivery network (CDN) at cdn.iproov.app. In a production environment, set this property to your CDN, for example: https://cdn.iproov.app/myassets.

Logo

A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don’t specify a logo, the iProov logo is displayed. Set to null if you don’t want a logo to be displayed.

Network Timeout

Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Advanced Identity Cloud returns an error with the feedback code error_network.

Default: 20 (seconds).

iProov Camera Filter

Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses.

+ Default: shaded.

Prompt Rounded Corners

The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to false.

Debug

By default, log messages at level info or lower are hidden. They can be displayed on the console by setting Debug to true. Log messages at the warning and error levels are always displayed on the console.

Slots

Customize the markup styling and automatically inherit your application’s styles by using the Slots attribute.

Aria Live

Control the priority of messages being read out by the screen reader. Refer to ARIA live regions in Mozilla documentation for more information on ARIA live. By default, this is set to assertive to indicate time-sensitive or critical notifications that require the user’s immediate attention. This can be disabled by setting it to off or polite.

Outputs

The following outputs are stored in the shared node state:

Output Variable	Variable Description
iProovValidateResponse	The complete validation response from iProov API in JSON format.
iProoveValidatePhoto	Photo from the validated API endpoint response.

Output Variable

Variable Description

iProovValidateResponse

The complete validation response from iProov API in JSON format.

iProoveValidatePhoto

Photo from the validated API endpoint response.

Outcomes

Success: The iProov verification process is completed successfully.
Failure: The iProov verification process returned a failure because a user connection or device failed during the verification process.
Retry: The iProov verification process is incomplete due to a failure or user error and can be retried.
Error: A fatal exception occurred due to misconfiguration or an error with the user account. Exceptions are logged at the Error level, and put in the SharedState.
Cancel: The user has opted to cancel the iProov verification.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Examples

This example journey highlights the use of the iProov Authentication node to authenticate by using facial biometrics.

PingOne Advanced Identity Cloud provides sample journeys you can download to understand and address the most common iProov authentication use cases.

Auth node reference