Identity Cloud

iProov Authentication node

The iProov Authentication node integrates the iProov Genuine Presence Assurance® (GPA) and Liveness Assurance™ (LA) directly from within your authentication journey on Identity Cloud.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)


ForgeRock Identity Platform (self-managed)



A unique username is required in the shared state before the iProov Authentication node executes.


To use this node, you must configure your iProov tenant. Refer to Setting up the iProov tenant.


The configurable properties for this node are:

Property Usage

iProov Tenant

The hostname of your iProov tenant, either or

iProov Base URL

The iProov URL context that contains the version of the REST API, which is /api/v2.

iProov API Key

The API key you obtained from iProov.

iProov API Secret

The API secret from iProov.

iProov OAuth Username

The username of the OAuth user on iProov.

iProov OAuth Password

The password of the user on iProov.

iProov Assurance Type

The type of API assurance on iProov:

  • GPA: Generic Presence Assurance

  • LA: Liveness Assurance

    Default: GPA.

iProov Authentication Type

The type of authentication. It can be one of:

  • Enrol - for enrolling the user into iProov.

  • Verify - for verifying the user’s liveness.

  • Combined - for enrollment if the user is not enrolled, otherwise verify the user’s liveness.

    Default: Enrol.

User Unique ID Attribute

The unique ID of the user enrolled with iProov. This attribute must exist in the user’s AM profile in the identity repository.

User Search Attributes

An alternative attribute that contains the username value, and is used to search a user in the underlying identity store.

ForgeRock UI

A boolean attribute for determining how the iProovWeb SDK is rendered to the user.

  • When set to true, you can view the iProovWebSDK on the Identity Cloud admin UI.

  • When set to false, you can view the iProovWebSDK by going to Native Consoles > Access Management.

    Default: true.

iProov Version

The version of the iProov web SDK to use. Now 5.0.0 and 5.0.1 are supported. Default: 5.0.0.

Title Text Color

Adjusts the color of the title text above the central oval where the image is captured. By default, no title is used. Refer to the Custom Title attribute for more information.

Surround Color

Adjusts the color surrounding the central oval. It also affects the color of the mask in Liveness Assurance with a clear or blur filter.

Prompt Text Color

Adjusts the color of the text visible in the central prompt of the screen.

Prompt Background Color

Adjusts the color of the background in the central prompt of the screen.

Header Background Color

Adjusts the color of the background in the top bar of the application, transparent by default.

Custom Title

The title of the camera view that appears above the image area when the camera is capturing the image. Specify a custom title to be shown. Default: An empty string ("").

Assets URL

Critical dependencies are loaded from the content delivery network (CDN) at In a production environment, set this property to your CDN, for example:


A relative link, absolute path or the data URI to your custom logo. The logo can be in any web format, though it is recommended to use the SVG format. If you don’t specify a logo, the iProov logo is displayed. Set to null if you don’t want a logo to be displayed.

Network Timeout

Time in seconds for the backend to acknowledge a message. If the timeout is exceeded, Identity Cloud returns an error with the feedback code error_network.

Default: 20 (seconds).

iProov Camera Filter

Controls the filter for the camera preview. The value can be classic, shaded, or vibrant. For Liveness Assurance, two additional filters, clear and blur, are provided. The blur filter is removed when the claim progresses.

+ Default: shaded.

Prompt Rounded Corners

The floating prompt has rounded corners by default. To disable rounded corners, set this attribute to false.


By default, log messages at level info or lower are hidden. They can be displayed on the console by setting Debug to true. Log messages at the warning and error levels are always displayed on the console.


Customize the markup styling and automatically inherit your application’s styles by using the Slots attribute.

Aria Live

Control the priority of messages being read out by the screen reader. Refer to ARIA live regions in Mozilla documentation for more information on ARIA live. By default, this is set to assertive to indicate time-sensitive or critical notifications that require the user’s immediate attention. This can be disabled by setting it to off or polite.


The following outputs are stored in the shared node state:

Output Variable Variable Description


The complete validation response from iProov API in JSON format.


Photo from the validated API endpoint response.



The iProov verification process is completed successfully.


The iProov verification process returned a failure because a user connection or device failed during the verification process.


The iProov verification process is incomplete due to a failure or user error and can be retried.


A fatal exception occurred due to misconfiguration or an error with the user account. Exceptions are logged at the Error level, and put in the SharedState.


The user has opted to cancel the iProov verification.


If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.


This example journey highlights the use of the iProov Authentication node to authenticate by using facial biometrics.

iproov journey

Identity Cloud provides sample journeys you can download to understand and address the most common iProov authentication use cases.

Copyright © 2010-2024 ForgeRock, all rights reserved.