Documentation
incode.com
  1. Integrations Ecosystem
  2. IAM Integrations
  3. Okta IDV Standard

Configure Claims Matching with Okta IDV Standard

When using Incode IDV with Okta, claims matching verifies that the person completing an identity verification session is the same person on record in your Okta directory. Okta sends the claims it wants Incode to validate as part of the authentication request, and Incode matches those claims against the verified data from the user's ID.

This guide covers how claims matching works in the context of the Okta IDV Standard integration and how to configure it on the Incode side.

📘

Prerequisite

This guide assumes you have completed the Okta IDV Standard setup guide and that the Claims Matching module is enabled for your organization. Contact your Incode representative if you do not see the Claims Matching module in your Workflows.

Prerequisites

  • You have completed the Okta IDV Standard setup guide
  • The Claims Matching module is enabled in Dashboard for your organization. Contact your Incode representative if you do not see this module in your Workflows.

How claims matching works with Okta IDV

When a user is routed through an Incode verification session via the Okta IDV Standard integration, Okta sends a Pushed Authorization Request (PAR) to Incode. This request includes the claims Okta wants validated and the matching logic for each claim.

Incode receives these claims and evaluates them against the identity data captured during the verification session — OCR data from the user's government-issued ID, selfie liveness result, and any other modules included in the linked Workflow.

Matching strictness

Okta controls the matching strictness for each claim via the PAR request:

  • Exact matching — the attribute value from the verified ID must match the directory record precisely. Recommended for fields such as date of birth and document number.
  • Fuzzy matching — allows for minor variations such as name abbreviations, hyphenation differences, or OCR normalization. Recommended for name fields where formatting may vary across documents.

Configuration

Step 1: Add the Claims Matching module to your Workflow

  1. In the left navigation, click Workflows.
  2. Open the Workflow linked to your Okta IDV Standard integration.
  3. From the Processes menu, add Claims Matching to the Workflow.
  4. Click the three dots → Edit to open the module configuration.
  5. Ensure External Policy is selected. This setting instructs Incode to use the claims and matching logic sent by Okta in the PAR request, rather than a locally defined policy.
  6. Click Save configurations on the Claims Matching module, then Save & Publish for the Workflow.
📘

Note

Do not select Module defined policy for Okta IDV Standard integrations. That setting is used for non-Okta flows where Incode defines the claims policy locally. For Okta, the claims are always controlled by Okta via the PAR request.

Step 2: Configure claims in Okta

Claims sent to Incode are configured on the Okta side as part of your Okta IDV Standard integration settings. Refer to Okta's documentation on Identity Verification claims for details on which attributes can be sent and how to configure matching strictness per claim.

Claims manual review

If a session's claims cannot be automatically matched, the session is routed to manual review. This may occur when data does not match within the strictness level configured in Okta — for example, a name on the ID differs significantly from the directory record.

To review flagged sessions:

  1. In the left navigation, click Sessions.
  2. Filter by Pending review.
  3. Open the session and review the claims match result alongside the captured ID and selfie.
  4. Click Approve or Reject, and add a note for audit purposes.

Next steps

Updated about 2 hours ago