IAM Integrations
Identity and access management (IAM) integrations add Incode identity verification as a high-assurance step within your organization's identity and access management flows. They are used to trigger verification sessions during sign-in, account recovery, MFA reset, or any access event where confirming a user's identity is required.
Unlike directory integrations, which handle user data sync, IAM integrations are tied to a specific Workflow and are triggered by an authentication event in your identity provider.
Both Okta and Microsoft Entra appear in the IAM category, but their IAM integrations are separate from their directory integrations. A directory integration syncs user data; an IAM integration routes users through an Incode verification session during an auth flow. You can use both together.
Note: The Integrations Ecosystem feature must be enabled for your organization before you can access the Integrations page. Contact your Incode Representative to enable this feature.
Available IAM Integrations
| Integration | Description | Status |
|---|---|---|
| Okta IDV Standard | Adds Incode as an Identity Provider in Okta using the Okta Identity Verification Standard, enabling biometric verification as part of Okta authentication policies. | Available |
| Okta IDP | Configures Incode as the authenticator and IdP for your Okta organization, enabling directory sync and custom authenticator flows. | Available |
| Microsoft Entra External Authentication Method (EAM) | Adds Incode as an external authentication method in Microsoft Entra, enabling biometric verification via Conditional Access policies. | Available |
Understand IAM Integrations
Each IAM integration links to a Workflow. When your identity provider triggers an identity verification event, Incode runs the associated Workflow and returns the result to the identity provider. Depending on the integration type, the result either allows or blocks the user from completing their IAM flow.
Claims matching is commonly used alongside IAM integrations to verify that the person completing the session matches the directory record associated with their account.
Note: If your IAM integration will use claims matching, configure your Okta Directory or Microsoft Entra Directory integration first. Claims matching requires an active directory sync to function.
