Login Identifier
The Login Identifier step starts every HYPR Affirm verification flow. It collects the requester's work login identifier so the rest of the flow can resolve their profile, contact information, and any per-user policy.
This step is always present and always required — it cannot be disabled.
Optional behaviors
When a verification flow is initialized with requester data via the Affirm API, two optional toggles change how the step renders for the requester:
- Read Only Login Identifier Field — the login identifier field is read-only for the workflow instance (the API-provided identifier is shown and cannot be edited)
- Skip Login Identifier — the step is entirely skipped for the workflow instance (the API-provided identifier is used without showing the screen)
Neither toggle applies when the requester enters the flow without API-provided context.
Azure Login Identifier Preferences
For workflows that resolve identifiers against Microsoft Entra ID, the Azure Login Identifier Preferences dropdown controls how the entered identifier is matched against the directory:
- User Principal Name (UPN)
- Mail / EmailAddress
- onPremisesUserPrincipalName
Multiple methods can be selected — the system queries by all selected methods and accepts the first match.
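Because the first match is accepted, it helps to know before selecting several methods whether any identifier value maps to different accounts under different attributes. The following is an added example, not HYPR code: it audits a constructed user export for such overlaps, using the Microsoft Graph property names `userPrincipalName`, `mail` and `onPremisesUserPrincipalName`. The lookup order and the case-insensitive comparison in `resolve_first_match` are assumptions, since this page does not state them.

```python
from collections import defaultdict

# Microsoft Graph user properties corresponding to the three dropdown options.
METHODS = ("userPrincipalName", "mail", "onPremisesUserPrincipalName")

# Constructed sample export of directory users (not real data).
SAMPLE_USERS = [
    {"id": "u1", "userPrincipalName": "alice@contoso.example",
     "mail": "alice@contoso.example", "onPremisesUserPrincipalName": "alice@corp.local"},
    {"id": "u2", "userPrincipalName": "bob@contoso.example",
     "mail": "robert@contoso.example", "onPremisesUserPrincipalName": None},
    {"id": "u3", "userPrincipalName": "robert@contoso.example",
     "mail": "r.jones@contoso.example", "onPremisesUserPrincipalName": "bob@contoso.example"},
]

def build_index(users, methods):
    """Map normalized identifier -> {method: set of user ids holding that value}."""
    index = defaultdict(lambda: defaultdict(set))
    for user in users:
        for method in methods:
            value = user.get(method)
            if value:
                # Assumption: identifiers are compared case-insensitively.
                index[value.strip().lower()][method].add(user["id"])
    return index

def resolve_first_match(identifier, users, methods):
    """Assumed model of the lookup: try methods in the given order, return the first hit."""
    hits = build_index(users, methods).get(identifier.strip().lower(), {})
    for method in methods:
        if hits.get(method):
            return method, sorted(hits[method])[0]
    return None

def ambiguous_identifiers(users, methods):
    """Identifiers that match more than one distinct user across the selected methods."""
    report = {}
    for ident, by_method in build_index(users, methods).items():
        owners = set().union(*by_method.values())
        if len(owners) > 1:
            report[ident] = {m: sorted(ids) for m, ids in by_method.items()}
    return report
```

An empty result from `ambiguous_identifiers` for the selected methods means every identifier in the export resolves to a single account regardless of which method matches first.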
Related
- Configure Verification Steps — table of all verification steps
- Identity Provider Prerequisites — required IdP attributes per step