Documentation
incode.com
  1. Integrations Ecosystem

IAM Integrations

IAM integrations add Incode identity verification as a high-assurance step within your organization's identity and access management flows. They are used to trigger verification sessions during sign-in, account recovery, MFA reset, or any access event where confirming a user's identity is required.

Unlike directory integrations, which handle user data sync, IAM integrations are tied to a specific Workflow and are triggered by an authentication event in your identity provider.

Both Okta and Microsoft Entra appear in the IAM category, but these are distinct from their Directory counterparts. An Okta or Entra directory integration syncs user data; an Okta or Entra EAM integration routes users through an Incode verification session during an auth flow. You may use both together.

📘

Note: Integrations require the Integrations Ecosystem feature to be enabled for your organization. Once enabled, you will have access to a new page called Integrations. Contact your Incode representative to enable this feature.

📘

Before you begin

If your IAM integration will use claims matching — comparing verified identity attributes against your directory record — configure your Okta Directory or Microsoft Entra Directory integration first. Claims matching requires an active directory sync to function.

Available IAM Integrations

IntegrationDescriptionStatus
Okta IDV StandardAdds Incode as an Identity Provider in Okta using the Okta Identity Verification Standard, enabling biometric verification as part of Okta authentication policies.Available
Okta IDPConfigures Incode as the authenticator and IdP for your Okta organization, enabling directory sync and custom authenticator flows.Available
Microsoft Entra External Authentication Method (EAM)Adds Incode as an external authentication method in Microsoft Entra, enabling biometric verification via Conditional Access policies.Available

How IAM Integrations Work

Each IAM integration links to a Workflow. When your identity provider triggers an identity verification event, Incode runs the associated Workflow and returns the result to the identity provider. Depending on the integration type, the result either allows or blocks the user from completing their IAM flow.

Claims matching is commonly used alongside IAM integrations to verify that the person completing the session matches the directory record associated with their account.

Updated about 1 hour ago