Best Practices

Best Practices

Business applications and business users

Matching logic post-authentication

Accept all email addresses in your ID.me payload

You will need to update the policy for your organization to receive “all emails” tied to the emails_confirmed attribute within the data payload (see data payload example below).

This configuration will ensure you receive business emails associated with the account and not just the personal email. In a February product release, ID.me will label emails by type, e.g., Personal vs. Work, so you can only accept work emails if desired. In the meantime, updating this configuration is critical to ensuring you receive the right email type. Contact your Customer Success Manager (CSM) to confirm you are set up and configured to receive all emails.

{
  "attributes": [
  {
    "handle": "emails_confirmed",
    "name": "All Confirmed Emails",
    "value": [
      "my.primary.email@example.com",
      "my.second.email@example.com",
    ]
  }
}

Avoid duplicate account errors by providing users with specific instructions

Users who have already verified their identity to NIST IAL2 in a personal context (e.g., accessing retirement, tax, or veteran benefits and services) SHOULD NOT attempt to sign up with ID.me with their work email and phone number. They need to add their work email and other information to their existing verified profile.

We need your help to ensure that all ID.me customers with business user-facing applications display the same instructions. ID.me is a shared service so it is critical to have consistency.

If you use ID.me for login and identity verification of business users, ensure the copy and links below are shown on the landing page, replacing “ACME.INC” with your organization name.

Sample implementation
Required text

ACME.INC offers a sign-in option with ID.me, which offers access to ACME.INC online services with a secure account that protects your privacy.

Follow these steps:


STEP 1 (REQUIRED)

Set up your ID.me account for business

Account setup is required for all users.

[ Get started ]


STEP 2

Sign in to ACME.INC with ID.me

After you’ve added a work email to your ID.me account, sign in below.

[ Sign in with ID.me ]


Troubleshooting?

If you created a duplicate ID.me account with your work email, follow these instructions to fix the issue.

Communicate mismatch information to the user

If you use matching logic post-authentication and the user’s email or other details fails to match, then please ensure the exact copy and links in the image are shown on the landing page.

Failure to match name OR email
Sample implementation
Required text
Error

The name or email address on your ACME.INC account does not match your ID.me account.

If you need to add your ACME.INC work email to your personal ID.me account:

[ Add work email ]

If you’ve verified your identity, but your legal name has changed, update your name in your ID.me account:

[ Update your name ]

Failure to match name
Sample implementation
Required text
Error

The name on your ACME.INC account does not match your ID.me account.

If you’ve verified your identity, but your legal name has changed, update your name in your ID.me account.

[ Update your name ]

Failure to match email
Sample implementation
Required text
Error

The email address on your ACME.INC account does not match your ID.me account.

You need to add your ACME.INC work email to your personal ID.me account.

[ Add work email ]

Failure to match name AND email
Sample implementation
Required text
Error

The name and email address on your ACME.INC account does not match your ID.me account.

If you need to add your ACME.INC work email to your personal ID.me account:

[ Add work email ]

If you’ve verified your identity, but your legal name has changed, update your name in your ID.me account:

[ Update your name ]

Leveraging the ID.me unique identifier

Parsing the ID.me user’s UUID (unique identifier) from the payload response provides a unique and persistent identifier for each user. This identifier can be utilized in databases, analytics, or systems to link and retrieve specific user-related information consistently. It helps maintain a clear association between responses from ID.me and the corresponding user, enhancing precision and efficiency in data management and processing.

Utilizing UUIDs enhance the user experience by enabling personalization and tracking. It ensures unique identification, enabling seamless continuity across interactions, personalized content delivery, and efficient data management. This contributes to a more streamlined and tailored user experience.

Example of UUID in the payload response:

{
  "attributes": [
    {
      "handle": "uuid",
      "name": "Unique Identifier",
      "value": "d733a89e2e634f04ac2fe66c97f71612"
    },
    ...
  ],
  ...
}

Consumer applications and personal users

Login & verification

ID.me button (solo)
(Alongside 3rd party)
1A

Verify with ID.me as the primary action

Verification by ID.me • What is ID.me?

1B

ID.me sign in button as primary action

ID.me is our trusted technology customer in helping to keep your personal information safe. They specialize in digital identity protection and help us make sure you're you—and not someone pretending to be you—before we give you access to your information. Learn more about ID.me.

2A

Verify with ID.me button without lock icon and "Verification by ID.me" text

What is ID.me?

2B

Create new account through ID.me

Sign in to [customer Name]
OR

Introduction text related to ID.me and business entity goes here

  • Benefit 1
  • Benefit 2
  • Benefit 3

ID.me is our trusted technology customer in helping to keep your personal information safe. They specialize in digital identity protection and help us make sure you're you—and not someone pretending to be you—before we give you access to your information. Learn more about ID.me.

3A

Verify with ID.me button with introduction text about ID.me

ID.me is our trusted technology customer in helping to keep your personal information safe. They specialize in digital identity protection and help us make sure you're you—and not someone pretending to be you—before we give you access to your information.

3B

Dual 'Sign-in' and 'create an account' methods (ID.me and 3rd Party)

Sign in to [customer Name]

Intro text related to ID.me and business entity customership goes here

  • Benefit 1
  • Benefit 2
  • Benefit 3

ID.me is our trusted technology customer in helping to keep your personal information safe. They specialize in digital identity protection and help us make sure you're you—and not someone pretending to be you—before we give you access to your information. Learn more about ID.me.