Configuring Verification Steps
Verification Steps
The Verification Steps section of the workflow editor lists every step available for the workflow. Use the left sidebar to jump to it, then expand any step's card to configure it inline.
Each step card shows a Deselect Step toggle in the upper right that enables or disables the step in this workflow. Steps that are required (Login Identifier, Attestation) cannot be disabled.
This page lists the steps by category. For configuration details on a specific step, follow the link in the table.
Identity capture
The core identity-evidence collection steps. Most workflows include at least one of these.
| Step | What it does |
|---|---|
| Login Identifier | Always required. Captures the requester's work login identifier so the rest of the flow can resolve their profile. |
| Phone Number / Email Verification | Delivers an OTP to the requester's phone or email; confirms contact-channel access. |
| Document and Biometric Verification | Photo ID upload and live selfie comparison, with optional Motion Detection, Dual Document, AML/OFAC, and Identity Verification with Document Issuer. |
| Photo ID and Liveness Capture | Lighter alternative to Document and Biometric: Photo ID and selfie comparison without compliance overlays. |
| Identity Verification via Verified Credentials | Requester presents an Entra Verified ID credential stored in Microsoft Authenticator. |
| Liveness-Only (Anchor Image) | Live selfie compared against a directory-stored anchor image; no fresh document required. |
Policy and context
Steps that gather context (location, network) or apply compliance / risk-policy logic on top of identity capture.
| Step | What it does |
|---|---|
| Location | Collects geolocation and IP address and evaluates them against Known Locations, IP allow/block lists, distance threshold, and country block list. For the policy-composition perspective, see Network and Location Policy. |
| KYC Compliance Checks | Optional compliance screening — AML, OFAC, watchlists — attached to Document and Biometric Verification. |
Custom
Pluggable steps that extend the platform with organization-specific verification logic.
| Step | What it does |
|---|---|
| Custom Verification Step | Insert a custom SPA as a verification step, registered via the Code Customization API. Useful for proprietary KBA, partner verification, or in-house fraud-detection integration. |
Approval and attestation
Human-review steps and the live-chat escalation path.
| Step | What it does |
|---|---|
| Approver Chat and Video | Live chat/video session between requester and assigned approver. Enabled by default. |
| Escalate to Live Chat | Automatic escalation into a chat session with the escalation approver when an automated step fails. |
| Attestation | Always enabled. Required human-approver attestation before the outcome fires. |
Outcomes
Terminal steps that define what happens at the end of the flow.
| Step | What it does |
|---|---|
| Verified Outcome | What happens on successful verification — Device Manager handoff, Entra TAP, Verified ID, Okta password reset, custom redirect, or in-flow result display. |
| Unverified Outcome | What happens when verification fails or is denied — custom redirect or in-flow denial display. |
Save and Revert
After configuring step-level options in the workflow editor, click Save at the top right to apply changes, or Revert Changes to discard unsaved edits. Delete removes the workflow entirely (with confirmation).
Related
- Create and Manage Verification Flows — workflow creation, applications, retry limits
- Approvers and Escalation Approvers — approver chain configuration
- Injectable Outcomes & Retry Limits — per-step retry and failure-outcome configuration
- Step Configuration — deep-dive home for every step type