Welcome to ID.me for developers! If you are interested in integrating ID.me, you are in the right place. Here we will cover how to get started implementing ID.me.
Multi-Factor Authentication
ID.me offers comprehensive and easy-to-deploy progressive multi-factor authentication solutions to fit your business needs and risk tolerance.
Authentication Policies
SMS One-Time Password (OTP)
- Enter a code sent to your MFA device.
- Text message or phone call is the most convenient MFA option for users
- Least secure compared to the other options as it is vulnerable to security breaches.
- This method is not available as an option for DEA EPCS authentication.
Code Generator Time-Based One-Time Password (TOTP)
- This MFA option generates new 6-digit security codes every 30 seconds to verify a user is who they say they are.
- A code generator security codes are always six digits long and expire after 30 seconds on the ID.me Authenticator app.
Push Notification via ID.me Authenticator App
- A push notification is a message that pops up on a mobile device. Push notifications are similar to SMS text messages and mobile alerts, but they only reach users who have installed your app.
FIDO U2F Key
- FIDO U2F Security Key is a physical device (security key) that a user plugs in to a USB port which you tap when prompted to securely sign in.
NFC-Enabled Mobile Security Key
- Mobile YubiKey is a physical device that you can scan using an NFC-enabled mobile device. NFC stands for Near Field Communication, which enables short-range communication between devices.
Integrations
These are a set of open specifications and protocols that specify how to design an authentication and authorization system. They specify how you should manage identity, move personal data securely, and decide who can access applications and data. The identity industry standards that we use at ID.me are: