iProov Authentication node

The iProov Authentication node integrates the iProov Genuine Presence Assurance® (GPA) and Liveness Assurance™ (LA) directly from within your authentication journey on Identity Cloud.

Compatibility

Product	Compatible?
ForgeRock Identity Cloud	Yes
ForgeRock Access Management (self-managed)	Yes
ForgeRock Identity Platform (self-managed)	Yes

Product

Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

A unique username is required in the shared state before the iProov Authentication node executes.

Dependencies

To use this node, you must configure your iProov tenant. Refer to Setting up the iProov tenant.

Configuration

The configurable properties for this node are:

Property Usage

Property	Usage
iProov Tenant	The hostname of your iProov tenant, either `us.rp.secure.iproov.me` or `eu.rp.secure.iproov.me`.
iProov Base URL	The iProov URL context that contains the version of the REST API, which is `/api/v2`.
iProov API Key	The API key you obtained from iProov.
iProov API Secret	The API secret from iProov.
iProov OAuth Username	The username of the OAuth user on iProov.
iProov OAuth Password	The password of the user on iProov.
iProov Assurance Type	The type of API assurance on iProov: `GPA`: Generic Presence Assurance `LA`: Liveness Assurance Default: `GPA`.
iProov Authentication Type	The type of authentication. It can be one of: `Enrol` - for enrolling the user into iProov. `Verify` - for verifying the user’s liveness. `Combined` - for enrollment if the user is not enrolled, otherwise verify the user’s liveness. Default: `Enrol`.
User Unique ID Attribute	The unique ID of the user enrolled with iProov. This attribute must exist in the user’s AM profile in the identity repository.
User Search Attributes	An alternative attribute that contains the username value, and is used to search a user in the underlying identity store.
ForgeRock UI	A boolean attribute for determining how the iProovWeb SDK is rendered to the user. When set to `true`, you can view the iProovWebSDK on the Identity Cloud admin UI. When set to `false`, you can view the iProovWebSDK by going to Native Consoles > Access Management. Default: `true`.
iProov Version	The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0.
Title Text Color	Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the Custom Title attribute for more information.
Surround Color	Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a `clear` or `blur` filter.
Prompt Text Color	Adjusts the color of the text visible in the central prompt of the screen.
Prompt Background Color	Adjusts the color of the background in the central prompt of the screen.
Header Background Color	Adjusts the color of the background in the top bar of the application, transparent by default.
Custom Title	The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string ("").
Assets URL	Critical dependencies are loaded from the content delivery network (CDN) at `cdn.iproov.app`. In a production environment, set this property to your CDN, for example: https://cdn.iproov.app/myassets.
Logo	A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don’t specify a logo, the iProov logo is displayed. Set to `null` if you don’t want a logo to be displayed.
Network Timeout	Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Identity Cloud returns an error with the feedback code `error_network`. Default: 20 (seconds).
iProov Camera Filter	Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses. + Default: shaded.
Prompt Rounded Corners	The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to `false`.
Debug	By default, log messages at level `info` or lower are hidden. They can be displayed on the console by setting Debug to `true`. Log messages at the `warning` and `error` levels are always displayed on the console.
Slots	Customize the markup styling and automatically inherit your application’s styles by using the Slots attribute.
Aria Live	Control the priority of messages being read out by the screen reader. Refer to ARIA live regions in Mozilla documentation for more information on ARIA live. By default, this is set to `assertive` to indicate time-sensitive or critical notifications that require the user’s immediate attention. This can be disabled by setting it to `off` or `polite`.

iProov Tenant

The hostname of your iProov tenant, either us.rp.secure.iproov.me or eu.rp.secure.iproov.me.

iProov Base URL

The iProov URL context that contains the version of the REST API, which is /api/v2.

iProov API Key

The API key you obtained from iProov.

iProov API Secret

The API secret from iProov.

iProov OAuth Username

The username of the OAuth user on iProov.

iProov OAuth Password

The password of the user on iProov.

iProov Assurance Type

The type of API assurance on iProov:

GPA: Generic Presence Assurance
LA: Liveness Assurance

Default: GPA.

iProov Authentication Type

The type of authentication. It can be one of:

Enrol - for enrolling the user into iProov.
Verify - for verifying the user’s liveness.
Combined - for enrollment if the user is not enrolled, otherwise verify the user’s liveness.

Default: Enrol.

User Unique ID Attribute

The unique ID of the user enrolled with iProov. This attribute must exist in the user’s AM profile in the identity repository.

User Search Attributes

An alternative attribute that contains the username value, and is used to search a user in the underlying identity store.

ForgeRock UI

A boolean attribute for determining how the iProovWeb SDK is rendered to the user.

When set to true, you can view the iProovWebSDK on the Identity Cloud admin UI.
When set to false, you can view the iProovWebSDK by going to Native Consoles > Access Management.

Default: true.

iProov Version

The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0.

Title Text Color

Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the Custom Title attribute for more information.

Surround Color

Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a clear or blur filter.

Prompt Text Color

Adjusts the color of the text visible in the central prompt of the screen.

Prompt Background Color

Adjusts the color of the background in the central prompt of the screen.

Header Background Color

Adjusts the color of the background in the top bar of the application, transparent by default.

Custom Title

The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string ("").

Assets URL

Critical dependencies are loaded from the content delivery network (CDN) at cdn.iproov.app. In a production environment, set this property to your CDN, for example: https://cdn.iproov.app/myassets.

Logo

A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don’t specify a logo, the iProov logo is displayed. Set to null if you don’t want a logo to be displayed.

Network Timeout

Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Identity Cloud returns an error with the feedback code error_network.

Default: 20 (seconds).

iProov Camera Filter

Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses.

+ Default: shaded.

Prompt Rounded Corners

The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to false.

Debug

By default, log messages at level info or lower are hidden. They can be displayed on the console by setting Debug to true. Log messages at the warning and error levels are always displayed on the console.

Slots

Customize the markup styling and automatically inherit your application’s styles by using the Slots attribute.

Aria Live

Control the priority of messages being read out by the screen reader. Refer to ARIA live regions in Mozilla documentation for more information on ARIA live. By default, this is set to assertive to indicate time-sensitive or critical notifications that require the user’s immediate attention. This can be disabled by setting it to off or polite.

Outputs

The following outputs are stored in the shared node state:

Output Variable	Variable Description
iProovValidateResponse	The complete validation response from iProov API in JSON format.
iProoveValidatePhoto	Photo from the validated API endpoint response.

Output Variable

Variable Description

iProovValidateResponse

The complete validation response from iProov API in JSON format.

iProoveValidatePhoto

Photo from the validated API endpoint response.

Outcomes

Success: The iProov verification process is completed successfully.
Failure: The iProov verification process returned a failure because a user connection or device failed during the verification process.
Retry: The iProov verification process is incomplete due to a failure or user error and can be retried.
Error: A fatal exception occurred due to misconfiguration or an error with the user account. Exceptions are logged at the Error level, and put in the SharedState.
Cancel: The user has opted to cancel the iProov verification.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Examples

This example journey highlights the use of the iProov Authentication node to authenticate by using facial biometrics.

Identity Cloud provides sample journeys you can download to understand and address the most common iProov authentication use cases.