Documentation
incode.com
  1. Integrations Ecosystem
  2. IAM Integrations
  3. Okta IDV Standard

Configure Claims Matching with Okta IDV Standard

When using Incode IDV with Okta, claims matching verifies that the person
completing an identity verification session is the same person on record in
your Okta directory. Okta sends the claims it wants Incode to validate as
part of the authentication request, and Incode matches those claims against
the verified data from the user's ID.

This guide covers how claims matching works in the context of the
Okta IDV Standard integration
and how to configure it on the Incode side.

📘

Prerequisite

This guide assumes you have completed the
Okta IDV Standard
setup guide and that the Claims Matching module is enabled for your
organization. Contact your Incode representative if you do not see the
Claims Matching module in your Workflows.

Prerequisites

  • You have completed the
    Okta IDV Standard
    setup guide
  • The Claims Matching module is enabled in Dashboard for your organization.
    Contact your Incode representative if you do not see this module in your
    Workflows.

How claims matching works with Okta IDV

When a user is routed through an Incode verification session via the Okta
IDV Standard integration, Okta sends a Pushed Authorization Request (PAR)
to Incode. This request includes the claims Okta wants validated and the
matching logic for each claim.

Incode receives these claims and evaluates them against the identity data
captured during the verification session — OCR data from the user's
government-issued ID, selfie liveness result, and any other modules included
in the linked Workflow.

Matching strictness

Okta controls the matching strictness for each claim via the PAR request:

  • Exact matching — the attribute value from the verified ID must match
    the directory record precisely. Recommended for fields such as date of
    birth and document number.
  • Fuzzy matching — allows for minor variations such as name
    abbreviations, hyphenation differences, or OCR normalization. Recommended
    for name fields where formatting may vary across documents.

Configuration

Step 1: Add the Claims Matching module to your Workflow

  1. In the left navigation, click Workflows.
  2. Open the Workflow linked to your Okta IDV Standard integration.
  3. From the Processes menu, add Claims Matching to the Workflow.
  4. Click the three dots → Edit to open the module configuration.
  5. Ensure External Policy is selected. This setting instructs Incode to
    use the claims and matching logic sent by Okta in the PAR request, rather
    than a locally defined policy.
  6. Click Save configurations on the Claims Matching module, then
    Save & Publish for the Workflow.
📘

Note

Do not select Module defined policy for Okta IDV Standard
integrations. That setting is used for non-Okta flows where Incode
defines the claims policy locally. For Okta, the claims are always
controlled by Okta via the PAR request.

Step 2: Configure claims in Okta

Claims sent to Incode are configured on the Okta side as part of your Okta
IDV Standard integration settings. Refer to Okta's documentation on
Identity Verification claims for details on which attributes can be sent
and how to configure matching strictness per claim.

Claims manual review

If a session's claims cannot be automatically matched, the session is routed
to manual review. This may occur when data does not match within the
strictness level configured in Okta — for example, a name on the ID differs
significantly from the directory record.

To review flagged sessions:

  1. In the left navigation, click Sessions.
  2. Filter by Pending review.
  3. Open the session and review the claims match result alongside the
    captured ID and selfie.
  4. Click Approve or Reject, and add a note for audit purposes.

Next steps

Updated 20 days ago