Simple Identity Orchestration & Secure Face Verification On Any Device | iProov + Monokee

Dr. Mattia Zago
Matteo Midena

Monokee and iProov are now collaborating to take another leap forward in authentication technology. We have seamlessly integrated iProov’s cutting-edge face verification capabilities as an innovative authentication method within Monokee’s low/no-code Identity and Access Management (IAM) identity orchestration platform.

In this article, we'll explain how iProov and Monokee's combined technologies work together to enhance security and user experience, creating a frictionless, passwordless option for enterprises.

Understanding iProov and Monokee’s Partnership

Identity orchestration is the process of coordinating and managing various identity services and technologies within an organization's IT infrastructure. It involves integrating and orchestrating different identity-related solutions, such as authentication, authorization, user management, and access control into a cohesive and centralized identity platform.

With Monokee, organizations can utilize drag-and-drop interfaces, pre-built templates, and visual tools to configure and manage complex identity workflows without extensive coding efforts. This innovative combination of advanced IAM capabilities empowers businesses to streamline identity processes, enhance productivity, and maintain a secure digital landscape with remarkable ease and flexibility.

iProov is the market-leading biometric solution, providing science-based facial verification that protects the world’s most security-conscious organizations from deepfakes and other types of identity fraud. Powered by patented liveness technology and active threat management, iProov assures an individual is the right person, a real person, and authenticating right now.

iProov and Monokee have integrated their best-in-class technologies to enable effortless authentication and enrollment using face biometrics as part of a wider IAM solution that’s effortless and reusable. The two solutions complement each other, combining industry-leading IAM and biometric face verification into one powerful, end-to-end solution.

Next, let’s understand the specific benefits and use cases of their integration.

Critical benefits of iProov & Monokee integration

Improved User Experience

  • Option for direct laptop camera usage: In addition to the existing smartphone scanning method, users now have the option to utilize their laptop's camera directly for face verification using iProov through the Monokee platform. This alternative streamlined process eliminates the need for a separate smartphone, significantly speeding up authentication procedures and providing a faster and more convenient user experience. Direct laptop camera usage also improves accessibility by catering to those who may not have a smartphone or prefer to use their laptop for authentication. Plus, this can facilitate the secure use of shared corporate devices in business locations like factories and offices.
  • Consistent mobile experience: While laptop users benefit from the direct use of the camera, those accessing the solution from a mobile device can likewise use the new face verification functionality without the need to install an external application, ensuring a consistent and seamless experience across devices.

Accessibility & Flexibility

  • Simple enrollment process: The simple enrollment process allows users to enroll once through our dedicated enrollment flow. Afterward, it sets up everything for using iProov in all future authentications, simplifying the user experience and reducing friction.
  • Support for a wide range of devices and platforms, ensuring accessibility for diverse user groups and environments.

Enhanced Security

  • Cutting-edge facial verification: iProov’s technology is trusted by organizations worldwide, such as the Department of Homeland Security and UBS, to prevent identity fraud and protect against deepfakes and other threats with unrivaled attack detection.
  • Simple enablement of multi-factor authentication (MFA) and passwordless authentication using the inherence factor to bolster the security of traditional methods and flows. With iProov and Monokee, individuals simply authenticate with their face - from any device, anywhere.

Example Use case of iProov and Monokee

Let's consider a sample use case: using Monokee V.I.O. to enable secure verification before granting access to a third-party SAML application such as Salesforce.

Access SAML application using Face Verification

Imagine a sales representative at a global company that utilizes any SAML application (such as Salesforce) to manage customer relationships and sales data. The user can access the SAML service through the Monokee platform, where he has already been authenticated to ensure a secure and seamless user experience.

Here's how the user utilizes Monokee's integrated face verification feature, powered by iProov, to log in to any SAML application securely:

  1. Accessing Salesforce via Monokee: the user navigates to the Monokee platform and selects the option to access Salesforce, where he needs to view and update customer information. Upon selecting the target app, Monokee's Authentication Flow is triggered, prompting the user to undergo the face verification process as an additional security measure before gaining access.
  2. User Authentication Check: As the user is already authenticated on the Monokee platform, the system retrieves their existing data and confirms his identity without requiring him to input additional credentials or passwords.
  3. Obtaining iProov Token: the authentication process is identified and secured by an Access Token, which is retrieved from the iProov Service Provider and stored on the backend side.
  4. Initialize iProov instance: create a new iProov instance and update the user's page.
  5. Performing Face Scan: the user encounters the Monokee Frontend Form displaying the iProov scan button. The user proceeds to perform the face scan using his laptop's camera as prompted.
  6. Verifying Scan Result: after completing the face scan, Monokee checks the scan result by communicating with the iProov Service Provider using the Token obtained earlier to validate the user's identity.
  7. Successful Login: upon successful verification of the face scan, the user's session is securely authenticated, and they gain access to Salesforce. Now, the user can view and manage customer data within the SAML application with confidence, knowing that his identity has been securely authenticated by face verification technology through Monokee and iProov’s integrated solution.

Straightforward Authentication, Onboarding & JML Processes: iProov-Monokee Integration Explained

The integration between iProov and Monokee involves two separate flows: one for the enrollment process and another for the authentication phase. Both flows are designed to be simple and user-friendly, leveraging Monokee's frontend forms to deliver the iProov face scan to the end user and then checking the backend request status to ensure the process has ended successfully.

Enrollment Flow

The enrollment process has the following steps:

  1. Retrieve authenticated user data and set flow constants: the flow checks if the user running the current flow is already authenticated and has valid data registered on Monokee. Also, this step sets the flow constants like iProov Service Provider (SP) base URL, API Key, and a Secret.
  2. Obtain a new iProov Token from the SP: the flow makes a backend API request to the iProov Service Provider to get a new Token, which is necessary to proceed with the scan and to identify the user on the iProov side throughout the whole process.
  3. Show iProov scan form: using a Monokee Frontend Form block, iProov’s SDK is easily imported to show the scan button to the user.
  4. Check scan result: after the scan, Monokee calls the iProov Service Provider endpoint to get the scan result using the Token obtained at the beginning.
  5. Show a success message: if everything was successful, let the user know.
Figure 1 - Monokee VIO Enrollment Flow

Authentication Flow

The authentication process has the following steps:

  1. Split the flow based on whether the user is already authenticated or not.
     1.1 If the user is not authenticated (for example, they are trying to log in using iProov), we ask them for an email, check whether they are registered on Monokee, and then retrieve their data.
     1.2 If the user is already authenticated (for example, they are accessing some resources or need to re-authenticate), we only need to retrieve their data.
  2. Set flow constants: same as for the previous flow
  3. Obtain a new iProov Token from the SP: same as for the previous flow
  4. Check scan result: same as for the previous flow
  5. Bind (or refresh) user session: if everything was successful, create a new session for that user and redirect him to the Monokee application broker.
Figure 2 - Monokee VIO Authentication Flow

Authentication Flow with Just-in-Time Enrollment

Let’s suppose our target client has just onboarded iProov technology and now requires that all existing users authenticate securely instead of using credentials. To address this need and provide a user journey for it, Monokee makes it possible to integrate a conditional clause that triggers only upon receiving an API error code from iProov. Such an error indicates that the user is not yet on board with the new secure login system and thus needs to be authenticated with a fallback credential set. Once the user is authenticated, the enrollment process illustrated above can be included as a single node to ensure a proper user experience.

Figure 3 - Monokee VIO Authentication Flow with Just-in-Time Enrollment
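
The backend logic of the authentication flow with just-in-time enrollment can be sketched as follows. This is an added example, not Monokee or iProov code: `StubFaceSP` is a constructed in-memory stand-in for the Service Provider, and `Flow`, its method names, and the demo credential are hypothetical. It shows the token being kept on the backend per session, the scan result being taken only from the SP, and the "not enrolled" error routing the user to fallback credentials and then enrollment.

```python
import secrets

class StubFaceSP:
    """Constructed stand-in for the face-verification Service Provider (not iProov's API)."""
    def __init__(self):
        self.enrolled, self._claims = set(), {}   # _claims: token -> [user_id, kind, scan_passed]
    def new_token(self, user_id, kind):
        if kind == "verify" and user_id not in self.enrolled:
            raise LookupError("not enrolled")     # the API error that drives the JIT branch
        token = secrets.token_urlsafe(16)
        self._claims[token] = [user_id, kind, False]
        return token
    def simulate_scan(self, token, passed):       # what a camera scan would record at the SP
        self._claims[token][2] = passed
    def validate(self, token, user_id):
        claim = self._claims.pop(token, None)     # a token can be validated only once
        ok = bool(claim) and claim[0] == user_id and claim[2]
        if ok and claim[1] == "enrol":
            self.enrolled.add(user_id)
        return ok

class Flow:
    """Hypothetical backend side of the flow; names are illustrative, not Monokee blocks."""
    def __init__(self, sp, check_fallback):
        self.sp, self.check_fallback = sp, check_fallback
        self.pending = {}                         # session_id -> (user_id, token), kept server-side
    def start(self, session_id, user_id, kind="verify"):
        try:
            token = self.sp.new_token(user_id, kind)
        except LookupError:
            return "fallback_credentials"         # user must log in the old way, then enroll
        self.pending[session_id] = (user_id, token)
        return "show_scan_form"
    def fallback_login(self, session_id, user_id, password):
        if not self.check_fallback(user_id, password):
            return "denied"
        return self.start(session_id, user_id, kind="enrol")
    def finish(self, session_id):
        # No result is accepted from the browser: the outcome comes from the SP only.
        user_id, token = self.pending.pop(session_id, (None, None))
        return token is not None and self.sp.validate(token, user_id)

def demo():
    sp = StubFaceSP()
    # Constructed fallback check; a real deployment would verify against its credential store.
    flow = Flow(sp, lambda u, p: u == "alice" and p == "constructed-demo-secret")
    out = [flow.start("s1", "alice"), flow.fallback_login("s1", "alice", "constructed-demo-secret")]
    sp.simulate_scan(flow.pending["s1"][1], True)
    out += [flow.finish("s1"), flow.start("s2", "alice"), flow.finish("s2"), flow.finish("s2")]
    return out
```

In `demo()`, session `s2` never records a passing scan at the SP, so `finish` returns `False`, and calling it a second time fails as well because the pending entry and the token have already been consumed.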

Conclusion

In essence, both flows leverage the power of our Visual Identity Orchestrator's blocks to create a cohesive, high-assurance, and user-centric experience, from initial enrollment to subsequent authentications, fostering a seamless integration process.

Together, iProov and Monokee enable enterprises to securely and effortlessly onboard new users and authenticate existing users with the highest level of assurance, user experience, and accessibility.