Identity Cloud

Jumio identity verification

Overview

ForgeRock Identity Cloud integrates with Jumio identity verification to let you capture and submit your government-issued ID documents easily and securely. Jumio helps you deter fraud and meet regulatory requirements by performing ID verification in real time using machine learning. Jumio validates the user’s identity, corroborates it with the user’s selfie, and uses advanced liveness detection to ensure the person is actually present.

Jumio ID Overview

You implement Jumio integration in your Identity Cloud journeys using two authentication nodes:

  • Jumio Initiate. This node triggers Jumio’s NetVerify service. This service scans a user’s ID and their face to verify their identity. For more information, refer to Jumio initiate node.

  • Jumio Decision. This node decides if the user can successfully log in, and upon successful login, maps the Jumio properties to the Identity Cloud Identity Management attributes. For more information, refer to Jumio decision node.

The user might not be authenticated for the following reasons:

  • If the ID scan is unreadable or the ID type is unsupported, the login process returns to the initiation node, where the user can complete the NetVerify scan process.

  • If the process fails or fraud is detected, the user login fails.

Setting up Jumio service in Identity Cloud

Follow these steps to set up Jumio service in Identity Cloud:

  1. Generate a Jumio API token and secret:

    1. Sign in to the Jumio Customer Portal.

    2. From the toggle menu on the left, go to Settings > Managed Services > Identity Verification.

    3. In the IDENTITY VERIFICATION menu, go to Api Credentials > OAuth2 Clients, and click Generate a new API token.

    4. In the Generate a new API token window, select Initialize and Retrieve & Delete permissions, and click Confirm.

    5. Enter your Jumio user password to create a new token.

    6. Note the latest system-generated token and secret. You will need these to configure the Jumio service in the Identity Cloud admin UI.

  2. Configure the Jumio service in the Identity Cloud admin UI:

    1. Using another browser window, log in to your tenant's Identity Cloud admin UI.

    2. From the left navigation, go to Native Consoles > Access Management.

    3. In the AM admin UI, select Services. Then click + Add a Service.

    4. In the Choose a service type drop-down, select Jumio Service.

      New Service

    5. In the New Service window, configure the fields for authenticating and reporting to the Jumio service.

      Do not put any personally identifiable information (PII) in these fields.

      You should have generated and noted the Token and Secret values as specified in the Note token step.

      You should have already configured Merchant Reporting Criteria and Customer Internal Reference when you set up your identity verification on the Jumio Customer Portal.

      The Merchant Reporting Criteria and Customer Internal Reference fields are used for reporting in the Jumio Customer Portal. You could use these fields for different use cases, for example for auditing purposes.

    Field                          Description

    Server                         Select your deployment region: US, EU, or SG (APAC).
    Token                          Specify the token value you noted in the Note token step.
    Secret                         Specify the secret value you noted in the Note token step.
    Merchant Reporting Criteria    Specify the reportingCriteria parameter you configured in your Jumio setup.
    Customer Internal Reference    Specify the customerInternalReference parameter you configured in your Jumio setup.
    Redirect URI                   Specify https://<tenant-env-fqdn>/am
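
The following pre-flight check is an added example, not part of the ForgeRock or Jumio documentation. It validates the values you plan to enter in the New Service fields against the constraints stated above: region, non-empty credentials, no PII in the reporting fields, and the Redirect URI form. The dictionary key names, the PII heuristics, and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REGIONS = {"US", "EU", "SG"}  # deployment regions listed for the Server field
# Heuristic PII patterns (assumption): e-mail addresses and long digit runs.
PII_PATTERNS = [re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"), re.compile(r"\d{7,}")]
REPORTING_FIELDS = ("merchantReportingCriteria", "customerInternalReference")

def check_jumio_service(cfg):
    """Return a list of problems in the planned Jumio service field values."""
    problems = []
    if cfg.get("server") not in REGIONS:
        problems.append("server: must be one of US, EU, SG")
    for field in ("token", "secret"):
        value = cfg.get(field, "")
        if not value or value != value.strip():
            problems.append(f"{field}: empty or has stray whitespace")
    for field in REPORTING_FIELDS:
        if any(p.search(cfg.get(field, "")) for p in PII_PATTERNS):
            problems.append(f"{field}: looks like PII")
    url = urlsplit(cfg.get("redirectUri", ""))
    if url.scheme != "https" or not url.hostname or url.path.rstrip("/") != "/am":
        problems.append("redirectUri: expected https://<tenant-env-fqdn>/am")
    if url.query or url.fragment or url.username:
        problems.append("redirectUri: no query, fragment or userinfo allowed")
    return problems

# Constructed sample values; dictionary keys are hypothetical names.
GOOD = {
    "server": "EU", "token": "example-token", "secret": "example-secret",
    "merchantReportingCriteria": "kyc-onboarding",
    "customerInternalReference": "idcloud-alpha",
    "redirectUri": "https://tenant.example.com/am",
}
BAD = {
    "server": "APAC", "token": " example-token", "secret": "",
    "merchantReportingCriteria": "jane.doe@example.com",
    "customerInternalReference": "acct 12345678",
    "redirectUri": "http://tenant.example.com/am?x=1",
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_jumio_service(cfg) or "ok")
```
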

Configuring a journey in Identity Cloud

  1. Log in to the Identity Cloud admin UI.

  2. Go to Journeys > + New Journey.

  3. Enter a name for the journey, for example JumioTest. Select Alpha realm-Users managed/alpha_user as the Identity Object. Then click Save.

  4. Drag and drop the nodes to create a journey as shown in the following diagram:

    Journey

  5. In the Jumio Decision node, map Jumio returned parameter attributes to the corresponding Identity Cloud IDM properties.

    The Key is the Jumio parameter, and the Value is the Identity Cloud IDM property. For example:

    • Key = firstName

    • Value = givenName

      In the above example, firstName is the Jumio parameter name for the first name of a user, and givenName is the Identity Cloud IDM property name for the first name of the user.

  6. Click Save.

    The system generates a Preview URL. Use this preview URL for testing the journey and Jumio service you configured.

Testing Jumio verification service integration

  1. Copy and paste the preview URL into an incognito browser window.

  2. Log in using your Identity Cloud credentials. Then click Start to start the verification process when the system prompt appears.

  3. Select your Region and ID type.

  4. Take a photo of the front and back of the ID using the webcam, or upload a photo of the ID from your computer.

    Front of ID

    Back of ID

  5. When prompted, complete the face verification step. If the verification is successful, the user is successfully authenticated.

Copyright © 2010-2024 ForgeRock, all rights reserved.