Configuration: Allowed IDV Methods

🎯 Purpose

Defines which Identity Verification (IDV) methods are available during account recovery flows. These methods verify a user's identity when the user cannot access their normal authentication factors.


📍 Configuration Location

  • Module: Auth Server
  • Configuration Name: allowed.idv.methods
  • Access Path: Module Config Management → Auth Server → allowed.idv.methods

📊 Available IDV Methods Configuration

| IDV Method | Type | Default Value | Description |
|---|---|---|---|
| accessCodeValidation | boolean | true | OTP verification via email/SMS |
| mobilePushVerification | boolean | true | Mobile app push notification verification |
| securityQA | boolean | true | Security questions and answers |
| serverSideBiometricAuthentication | boolean | false | Server-stored biometric verification |
| webIdv | boolean | false | Web-based identity verification flow |

🔧 IDV Method Details

📧 accessCodeValidation

  • Function: Validates user identity through OTP codes sent to registered channels
  • Channels: Email address or SMS (mobile number)
  • Process: System sends code → User enters code → Identity verified
  • Prerequisites: User must have registered email or mobile number
  • Use Case: User cannot access mobile app but has email/SMS access
  • Security Level: Medium (based on channel control)

Availability Conditions:

  • ✅ Step 1 was skipped (user successfully completed 1st factor authentication)
  • ✅ Access code channel is available (email or SMS registered)
  • ✅ Communication channel is functional

📱 mobilePushVerification

  • Function: Verifies identity through REL-ID mobile app push notification
  • Process: System sends push → User approves on mobile → Identity verified
  • Prerequisites: Active registered REL-ID device
  • Use Case: User forgot password but has mobile app access
  • Security Level: High (device-based verification)

Availability Conditions:

  • ✅ User has active registered REL-ID device
  • ✅ System requires password as 1st factor (alwaysAskForPassword = true)
  • ✅ User failed password validation (didn't reach mobile-push-as-2nd-factor step)

❓ securityQA

  • Function: Uses security questions and answers for identity verification
  • Process: System presents questions → User provides answers → Responses validated
  • Prerequisites: User must have set up security questions during registration
  • Use Case: User cannot access mobile devices or communication channels
  • Security Level: Medium (knowledge-based authentication)

Availability Conditions:

  • ✅ User has successfully configured Security Questions & Answers
  • ✅ Questions and answers are stored in user profile
  • ✅ System has multiple questions available for verification

🤖 serverSideBiometricAuthentication

  • Function: Authenticates using server-stored biometric templates
  • Process: User provides biometric sample → Server compares against stored template
  • Prerequisites: User must have biometric template stored on server
  • Use Case: High-security environments with biometric enrollment
  • Security Level: Very High (biometric verification)

Availability Conditions:

  • ✅ User has server-side biometric template stored in profile
  • ✅ Biometric verification system is operational
  • ✅ User has device capable of biometric capture

🌐 webIdv

  • Function: Full web-based identity verification using document verification
  • Process: User provides identity documents → System verifies through KYC API
  • Prerequisites: KYC API configured and operational
  • Use Case: Complete identity re-verification for high-value accounts
  • Security Level: Very High (document-based verification)

Availability Conditions:

  • ✅ KYC API is properly configured
  • ✅ Document comparison capability available
  • ✅ User data on file for comparison
  • ✅ REL-ID IDV Web Server is operational

📋 IDV Method Selection Logic

🤖 Automatic Selection Process

  1. Condition Check: System evaluates each enabled IDV method against user profile
  2. Available Methods: Creates list of methods where conditions are met
  3. Single Method: If only one method available, automatically selected
  4. Multiple Methods: User presented with choice of available methods
  5. No Methods: Error page displayed directing to customer support
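
The selection steps above can be sketched as follows. This is an added example, not REL-ID code: the RecoveryContext fields, the select_idv function and the outcome strings are hypothetical names chosen for illustration, while the method names, defaults and availability conditions come from this page.

```python
from dataclasses import dataclass

# Defaults from the "Available IDV Methods Configuration" table on this page.
DEFAULTS = {
    "accessCodeValidation": True,
    "mobilePushVerification": True,
    "securityQA": True,
    "serverSideBiometricAuthentication": False,
    "webIdv": False,
}

@dataclass
class RecoveryContext:
    """Hypothetical per-user facts; field names are assumptions for this sketch."""
    first_factor_passed: bool = False
    otp_channel_registered: bool = False
    otp_channel_working: bool = False
    active_relid_device: bool = False
    always_ask_for_password: bool = False
    failed_password: bool = False
    security_qa_configured: bool = False
    biometric_template_stored: bool = False
    biometric_service_up: bool = False
    biometric_capture_device: bool = False
    kyc_and_web_idv_ready: bool = False
    user_data_on_file: bool = False

# One predicate per method, mirroring the "Availability Conditions" lists.
CONDITIONS = {
    "accessCodeValidation": lambda c: c.first_factor_passed
        and c.otp_channel_registered and c.otp_channel_working,
    "mobilePushVerification": lambda c: c.active_relid_device
        and c.always_ask_for_password and c.failed_password,
    "securityQA": lambda c: c.security_qa_configured,
    "serverSideBiometricAuthentication": lambda c: c.biometric_template_stored
        and c.biometric_service_up and c.biometric_capture_device,
    "webIdv": lambda c: c.kyc_and_web_idv_ready and c.user_data_on_file,
}

def select_idv(config, ctx):
    """Return (outcome, methods) following steps 1-5 above."""
    unknown = set(config) - set(DEFAULTS)
    if unknown:  # fail closed on typos rather than silently ignoring a key
        raise ValueError(f"unknown IDV method(s): {sorted(unknown)}")
    enabled = {**DEFAULTS, **config}
    # Only a real boolean True enables a method; "true" or 1 does not.
    available = [m for m, ok in CONDITIONS.items()
                 if enabled[m] is True and ok(ctx)]
    if not available:
        return "error_contact_support", []
    if len(available) == 1:
        return "auto_selected", available
    return "user_choice", available
```

A method is offered only when it is both enabled in allowed.idv.methods and satisfied by the user's current state, so enabling a method in configuration does not by itself make it reachable for every user.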

👤 User Experience Flow


🎯 Configuration Scenarios

🔒 High Security Enterprise


📱 Mobile-Centric Setup


🌐 Web-Only Environment


⚠️ Configuration Considerations

🚨 Risk Assessment

| Scenario | Risk Level | Recommendation |
|---|---|---|
| All Methods Disabled | ⭐⭐⭐⭐⭐ Critical | Users cannot recover accounts |
| Single Method Only | ⭐⭐⭐⭐ High | Limited recovery options if method fails |
| Access Code Only | ⭐⭐⭐ Medium | Vulnerable to communication channel attacks |
| Multiple Methods | ⭐⭐ Low | Balanced security and usability |

🔧 Best Practices

  • Enable Multiple Methods: Provide users with recovery alternatives
  • Match Security Policies: Align IDV methods with organizational security requirements
  • Test Prerequisites: Ensure supporting systems (KYC, biometric) are operational
  • User Communication: Inform users about available recovery methods
  • Regular Review: Periodically assess IDV method effectiveness and usage

🔗 Configuration Management Best Practices

📋 Configuration Change Process

  1. Planning: Assess impact of configuration changes on user experience
  2. Testing: Validate changes in non-production environment
  3. Communication: Notify users of changes that affect their authentication options
  4. Implementation: Apply changes during maintenance windows when possible
  5. Monitoring: Track authentication success rates after configuration changes
  6. Rollback Plan: Maintain ability to revert changes if issues arise

🛡️ Security Considerations

  • Factor Diversity: Enable multiple authentication and IDV methods for resilience
  • Risk Assessment: Balance security requirements with user experience
  • Compliance: Ensure configurations meet regulatory and policy requirements
  • Documentation: Maintain records of configuration changes and rationale

📊 Monitoring and Analytics

  • Usage Metrics: Track which factors and IDV methods are most commonly used
  • Success Rates: Monitor authentication and recovery success rates
  • User Feedback: Collect input on authentication experience and difficulties
  • System Performance: Ensure configuration choices don't impact system performance

🔗 Quick Reference

🎛️ Configuration Summary Table

| Configuration Area | Key Parameters | Primary Impact |
|---|---|---|
| Authentication Factors | rememberMe, smsOtp, emailOtp, alwaysAskForPassword | User login experience |
| Registration Factors | rememberMe, smsOtp, emailOtp, password, securityQA | User activation options |
| IDV Methods | accessCodeValidation, mobilePushVerification, securityQA, serverSideBiometricAuthentication, webIdv | Account recovery capabilities |

🛠️ Common Configuration Commands

  • Access Path: Gateway Management Console → Module Config Management → Auth Server
  • Apply Changes: Always click "Restart Services" after configuration updates
  • Validation: Test authentication flows after making configuration changes