Integrations Ecosystem Overview
The Incode Platform connects with the tools your organization already uses, such as identity providers, directories, HR systems, ticketing platforms, and productivity apps. You can set up and configure these connections through a unified Integrations experience in Dashboard.
Each integration links an external system to an Incode Workflow, enabling identity verification to trigger automatically or on demand from within the tools your teams rely on. They define:
- Which external system is connecting (for example, Okta, Microsoft Entra, or Slack)
- Which Workflow runs when that system triggers an identity verification session
- How the session is initiated — automatically via directory sync, via API, or by a user action in a connected app
Incode supports integrations across identity and access management (IAM), IT service management (ITSM), human resources, applicant tracking, messaging, customer identity (CIAM), identity governance (IGA), identity threat detection (ITDR), e-commerce, and custom API connections. All integration types follow the same configuration model and are managed from a single Integrations page in Dashboard.
The Integrations Page
All integrations are created and managed from the Integrations page in Dashboard. To access this page, click Integrations from the left-side menu.
Note: The Integrations page is only visible when the Integrations Ecosystem feature is enabled for your organization. Contact your Incode Representative if you do not see it.
From the Integrations page you can:
- Browse all active integrations organized by category
- Create new integrations
- View and edit integration configuration
- Access the Integration Reference ID used for API-triggered sessions
- View a directory of all enrolled users associated with directory integrations
Instructions for these tasks are described in Manage Integrations. Create, update, and delete actions are recorded in the Audit Log.
How a verification session flows
Regardless of the integration type, every session follows the same end-to-end path:
- Trigger — An event in the connected system (a service request, a sign-in attempt, a new hire record, or an API call) initiates a verification session through the integration.
- Session delivery — Incode generates a one-time verification link and delivers it to the end user via SMS, email, or inline redirect — depending on the integration type.
- Verification — The end user completes the configured Workflow on their device: document capture, liveness check, and any additional modules such as claims matching or eKYC.
- Result — Incode posts the outcome (pass, fail, or pending review) back to the originating system via webhook or API response. The result includes risk score, verification status, and matched identity attributes.
- Action — The connected system acts on the result — granting access, resolving a ticket, approving a hire, or routing to manual review.
Time to valueMost integrations can be configured and tested in under an hour. Directory-based integrations (Okta, Microsoft Entra) require a one-time directory sync setup. Custom API integrations are live as soon as a Client Credentials token is generated.
Integration Categories
Integrations are organized into categories based on the type of external system they connect to.
Directory
Directory integrations sync your organization's user directory with Incode, enabling employee lookups and claims matching during verification sessions.
| Integration | Status |
|---|---|
| Okta Directory | Available |
| Microsoft Entra Directory | Available |
| Bring Your Own Directory (BYOD) | Coming soon |
IAM
IAM integrations add Incode identity verification as a step in your organization's access management flows. For example, these can be used as an external authentication method or an identity verification step during sign-in.
| Integration | Description | Status |
|---|---|---|
| Okta IDV Standard | Adds Incode as an Identity Provider in Okta using the Okta Identity Verification Standard, enabling biometric verification as part of Okta authentication policies. | Available |
| Okta IDP | Configures Incode as the authenticator and IdP for your Okta organization, enabling directory sync and custom authenticator flows. | Available |
| Microsoft Entra External Authentication Method (EAM) | Adds Incode as an external authentication method in Microsoft Entra, enabling biometric verification via Conditional Access policies. | Available |
Productivity
Productivity integrations bring identity verification into the collaboration tools your teams use every day.
| Integration | Description | Status |
|---|---|---|
| Slack | Enables identity verification requests to be sent and completed directly within Slack using slash commands. | Available |
IT Service Management (ITSM)
ITSM integrations connect Incode to your IT service management platform, enabling agents to trigger identity verification directly from support workflows.
| Integration | Description | Status |
|---|---|---|
| ServiceNow | Integrates Incode identity verification into ServiceNow ITSM workflows, enabling agent-initiated verification from within tickets and service flows. | Available |
| Jira Service Management | Allows help desk agents to verify employee identities directly from a JSM service request using Incode's biometric verification platform. |
HR
HR integrations allow identity verification to be initiated from your human resources platform as part of hiring and onboarding workflows.
| Integration | Description | Status |
|---|---|---|
| Workday | Triggers identity verification as part of Workday hiring and onboarding flows. | Coming soon |
Recruitment
Recruitment integrations allow identity verification to be initiated from your applicant tracking system (ATS) as part of the hiring process.
| Integration | Description | Availability |
|---|---|---|
| Greenhouse | Triggers candidate identity verification from within Greenhouse ATS. | Available |
| Ashby | Triggers candidate identity verification from within Ashby ATS. | Available |
| Workday Recruiting | Leverages facial biometrics, document authentication, and fraud detection to validate candidate identities during the hiring process. | Available |
| Lever | Sends a personalized Incode verification link, captures the result, and writes it back to the candidate's Lever opportunity with no manual steps required. | Available |
E-commerce
E-commerce integrations allow identity verification to be embedded directly into your online store or marketplace.
| Integration | Description | Availability |
|---|---|---|
| Shopify | Adds identity-based age verification to your Shopify checkout. | Available |
Identity Threat Detection and Response (ITDR)
ITDR integrations connect Incode to your threat detection platform, enabling your security team to trigger identity verification as part of an active incident response workflow.
| Integration | Description | Availability |
|---|---|---|
| Microsoft Defender for Identity | Connects Incode verification to Microsoft Sentinel via Azure Logic Apps. When Defender raises a suspicious activity incident, the playbook sends the flagged user a verification link and posts the result back to Sentinel. | Available |
| CyberArk | Add biometric identity verification as a step-up authentication trigger within CyberArk's privileged access and identity threat detection workflows. | Coming soon |
Customer Identity and Access Management (CIAM)
CIAM integrations add Incode identity verification as a step within your customer-facing authentication flows. They are designed for use cases where verifying the identity of an end user is required as part of sign-up, login, or a sensitive transaction.
| Integration | Description | Availability |
|---|---|---|
| Auth0 Post-Login Action | Triggers an Incode verification session as a post-login action in Auth0, storing results in the user's Auth0 profile and ID token. | Available |
| Ping DaVinci (CIAM) | Connects verified real-world identity to Ping Identity user profiles through OpenID Connect (OIDC), enabling identity verification and face authentication as drag- and-drop nodes in DaVinci orchestration flows. | Available |
| Descope | Adds biometric identity verification as a native step inside any Descope flow — useful for sign-up, step-up authentication on high-risk events, or identity verification during account recovery. | Available |
Customer Relationship Management (CRM)
CRM integrations connect Incode identity verification to the platforms your sales and operations teams use to manage customer relationships.
| Integration | Description | Availability |
|---|---|---|
| Salesforce | Triggers an identity verification request from any Contact, Lead, or Account record and receive the results back into that same record — no code, no switching between systems. | Available |
Identity Governance and Administration
Identity Governance and Administration (IGA) integrations connect Incode identity verification to your IGA platform, enabling identity proofing as part of provisioning, access certification, and lifecycle management workflows.
| Integration | Description | Availability |
|---|---|---|
| SailPoint Identity Security Cloud | adds biometric identity verification as a step within SailPoint identity governance workflows | Available |
OEM and MSP Partner
OEM and MSP partner integrations combine Incode's biometric and document verification with third-party identity data signals to produce a more complete and reliable identity decision.
| Integration | Description | Availability |
|---|---|---|
| Alloy | Positions Incode as the document and biometric verification node inside an Alloy decision graph. | Available |
| Experian | Positions Incode as the biometric document capture and liveness detection layer within a CrossCore workflow. | Available |
| Equifax | Positions Incode as the biometric and document verification front end, with Equifax supplying back-end data verification covering SSN validation, address history, fraud alerts, and synthetic identity signals | Available |
| TransUnion | Pairs Incode biometric and document verification with TransUnion data-based identity signals to produce a composite IDV score. | Available |
Custom
Custom integrations connect Incode to any system, including internal tools, ticketing systems, and automation pipelines. These connections use standard protocols or the Incode API directly.
| Integration | Built on | Description | Status |
|---|---|---|---|
| Self-Serve Portal | API | Provides employees with a self-service portal to reset their password or MFA credentials after completing biometric verification. | Available |
| Helpdesk Verifications | API | Enables IT support agents to send verification requests to employees on demand, before handling high-risk requests such as account unlocks or MFA resets. | Available |
Coming Soon
| Integration Category | Description |
|---|---|
| Banking and Fintech | Embed Incode identity verification directly into core banking platforms, digital account opening workflows, and lending origination systems. |
| Student Information System | Embed Incode identity verification into the platforms used by higher education institutions and K-12 organizations to manage student records, enrollment, and access to academic resources. |
| Video Conferencing | Add identity verification as a gating step before participants can join a meeting, webinar, or video call. |
Key Concepts
Login Hint
A loginHint is a user identifier, typically a corporate email address, username, or employee ID, passed to Incode at the start of a verification session. It is used to look up the user in a connected directory and associate the session with an existing identity record.
Integration ID
Each integration has a unique Integration ID. This ID is required when triggering verification sessions via the Request New Onboarding API and is used to route the session through the correct Workflow and integration configuration.
Claims Matching
Many integration use cases require claims matching: comparing attributes from the user's government-issued ID against data in the connected directory (such as name, date of birth, or email). Claims matching is configured as a Workflow module and can be customized.
Client Credentials
A Client Credentials integration is created automatically for organizations with Integrations Ecosystem enabled. It appears under Integrations > Custom > OIDC Client Credentials and is used to authenticate API requests to Incode using OAuth 2.0.
Security and data handling
All data exchanged between Incode and connected systems is encrypted in transit using TLS 1.2 or higher. Integration credentials (client secrets, API keys) are hashed at rest and never returned in plaintext after initial creation. Verification results written back to third-party systems contain only the outcome, risk score, and matched attributes — raw biometric data and document images are never forwarded to the connected system. Retention of session data is configurable at the attribute level in Dashboard > Configuration > Data.
Updated about 1 hour ago