HYPR Affirm Integrations
HYPR Affirm integrations connect external identity providers and services to verification workflows. They fall into three categories:
- Verification steps — External services used as tasks within a verification flow (for example, presenting a credential stored in Microsoft Authenticator).
- Outcomes — Actions taken after a requester successfully completes a verification flow (for example, issuing a Temporary Access Pass or resetting a password).
- Helpdesk authentication — IdP-based login for Helpdesk agents accessing the HYPR Affirm Helpdesk portal.
For information on building and configuring HYPR Affirm verification flows themselves, see Configuring HYPR Affirm.
Cross-Product Integrations
HYPR Affirm + HYPR Adapt
HYPR Affirm can serve as the identity verification step triggered by a HYPR Adapt policy. When Adapt detects suspicious access behavior — such as a high risk score or a device posture violation — it routes the user into a configured Affirm verification flow before allowing or denying access.
From the Affirm side, this means configuring a verification flow that Adapt can invoke, and ensuring Affirm is connected to the same HYPR Control Center instance as Adapt. The Adapt side handles policy evaluation and the trigger; Affirm handles the verification UX and outcome.
Helpdesk Authentication
Okta: Affirm Helpdesk OIDC
Authenticate HYPR Affirm Helpdesk agents using Okta as an OpenID Connect provider. Configure role-based access (Viewer or Editor) using Okta group membership claims, and connect the integration in HYPR Control Center.
Configure Okta OIDC for HYPR Affirm Helpdesk →
Relying Party Sign-In
OIDC Relying Party with HYPR Affirm Verification
Use HYPR Affirm as the verification step for any OpenID Connect relying party (for example, Cloudflare Zero Trust). Sign-in attempts from the relying party are routed into a HYPR Affirm verification flow before HYPR returns an id_token to the RP.
Configure OIDC Relying Party + Affirm →
Verification Steps
Verification steps are tasks a requester must complete during an identity verification flow.
Microsoft Entra Verified Credentials
Users present a Verified ID credential stored in Microsoft Authenticator as an identity verification step. HYPR requests a credential presentation, validates the claims and issuer trust, and advances the workflow on success.
Configure Verified Credentials as a Verification Step →
Outcomes
Outcomes are the actions HYPR Affirm takes after a requester successfully completes a verification flow.
Microsoft Entra ID: Temporary Access Pass (TAP)
HYPR Affirm issues a Microsoft Entra Temporary Access Pass to the requester after successful verification. The TAP lets the user register new authentication methods — including passkeys — without requiring an existing credential.
Microsoft Entra ID: Verified ID
HYPR Affirm issues a Microsoft Entra Verified ID credential to the requester after successful verification. The issued credential is stored in Microsoft Authenticator and can be reused in subsequent verification flows.
Configure Entra Verified ID Outcome →
Okta: Password Reset
HYPR Affirm resets the requester's Okta password after successful verification. This outcome is suited for account recovery flows where the requester has lost access to their credentials.