EPCS Provider Verification

Getting Started

To get started with an integration you’ll need to do the following.

  • Sign up for an ID.me developer account.
  • Register your organization.
  • Select which groups you would like to enable for verification.
  • Choose your platform to review the recommended integration options.
  • Place our ‘Verify with ID.me’ button on your site to begin testing authentication and verification.
  • Contact partnersupport@id.me to generate test credentials.
  • Once verification is complete at ID.me, the partner sends a request to ID.me’s API to retrieve user attributes.

By default, your application will be set up for OAuth. Upon registration, you will immediately have access to the application details page which will list the client_id and client_secret for your OAuth client.

How you use the ID.me IDP SAML service will vary depending on the product used to implement the federation relationship. Currently, we do not support creating SAML SP profiles automatically through the portal. Please contact partnersupport@id.me for assistance with the process.

SAML Metadata

Once an account is created, SAML metadata (along with keys) must be exchanged to ensure proper configuration of the endpoints.

A copy of the current, full metadata is always available at https://api.id.me/saml/metadata/provider

Sandbox environment metadata can be found at https://api.idmelabs.com/saml/metadata/provider

Note that preserving formatting and whitespace is important when importing any XML metadata.

The metadata document describes the IDP to a SP, including the following elements:

  • The endpoint addresses for communication
  • The X.509 certificates being used to sign and encrypt SAML assertions
  • The SAML bindings supported by the service provider

SAML Bindings

The ID.me IDP SAML service supports HTTP POST and HTTP Redirect bindings.

Name Identifier

The ID.me IDP SAML service supports the following NameID formats:


Authentication Context

The ID.me IDP SAML service supports invoking different authentication and verification policies on a per-application or per-request basis. The policy name must be passed along within the element. For more information about available policies and support for setting these up, please contact partnersupport@id.me.