Okta

Verify employee identities directly within your Okta authentication flows with no-code integration.

Okta is a cloud-based identity and access management platform that lets its users seamlessly access multiple applications, websites, and devices using a single set of credentials.

The integration of Sumsub and Okta adds identity verification to Okta-controlled access, letting you instantly confirm your workforce's identity during onboarding, login, step-up authentication, account recovery, or sensitive profile updates without leaving Okta or building custom flows.

Instead of only checking that the user has the correct password, device, or authentication factor, you securely verify that the person behind the access request is the legitimate employee associated with the dedicated account.

Solution benefits

Key benefits of Sumsub’s Okta integration include the following:

  • Identity assurance within Okta. Use real-time identity verification to make more reliable access decisions.

  • Reduced security risk. Protect against account takeover, impersonation, and unauthorized access.

  • Seamless user experience. Trigger additional verification only for high-risk actions, while keeping routine logins uninterrupted.

  • Flexible verification levels. Adapt the verification flow from a quick biometric confirmation to identity, age, address, PEP, sanctions, or AML screening.

  • Simple implementation. Enable the integration through Sumsub and apply verification through existing Okta policies, without a separate SDK or API project.

  • Minimum operational effort. Automate identity checks and access decisions instead of relying on manual reviews.

How Sumsub’s Okta integration works

Our integration lets you decide where to place Sumsub in your Okta policies. You can use Sumsub as an Identity Verification (IDV) provider and/or as an authentication factor.

Building blockWhat the integration doesWhere integration runs
Identity verification (IDV) providerEstablishes who someone is from real identity evidence (any Sumsub level, from a document and selfie check to a liveness check, and full AML screening).The Account Management Policy, Okta's rules for onboarding, account recovery, unlocking, and security method changes.
Authentication factorConfirms the right person is present right now with a fast check, typically an applicant-action liveness check, used like any Okta sign-in factor, exactly as a password or one-time code would be.The Authentication Policies, Okta's rules for login and step-up (an extra check before a high-risk action).

Identity proofing—IDV provider flow

  1. An employee reaches a high-risk moment your Okta Account Management Policy governs (onboarding, account recovery, a security-method change, and so on).
  2. Okta directs them to Sumsub to complete the verification level you assigned to this action.
  3. The employee verifies their identity as the level requires.
  4. Sumsub returns a pass/fail result and the verified identity claims.
  5. Okta applies the dedicated policy: grants access, blocks the user, or routes them to recovery.

Verification as a factor—IdP authenticator flow

  1. An employee initiates login or a step-up your Authentication Policy protects.
  2. Okta challenges them with the Sumsub factor, a quick check such as a liveness scan.
  3. The employee completes the check on Sumsub.
  4. Sumsub returns a pass/fail result.
  5. Okta allows the user to proceed with sign-in or stops them, largely the same way as with any Okta factor.

To learn how to enable Okta and Sumsub integration, refer to this article.

Use cases

Below are the example flows that can be built using the Sumsub and Okta integration. The integration functionality is not limited to these examples. You are free to create your own scenarios.

Building blockTriggers and checksVerification flow
IDV providerUser verification at onboarding
  1. New employee signs up.
  2. Okta triggers a document and selfie check before granting access.
Authentication factorLiveness at every login
  1. An employee enters their password.
  2. Okta triggers a face match before allowing sign-in.
Authentication factorRisk-based step-up
  1. An employee initiates a high-value action.
  2.  Okta triggers a liveness re-check.
Authentication factorPasswordless / face-only loginA Sumsub liveness check is required for sign-in.
Authentication factorCompliance-gated feature access
  1. An employee tries to access a sensitive feature (trading, transfers, or admin-only functions).
  2. Okta triggers any type of identity verification.
IDV provider or authentication factorAccount recovery with an identity check
  1. An employee initiates a password reset.
  2. Okta triggers document verification or liveness to let them proceed.

Sumsub and Okta integration FAQ

QuestionAnswer
What's the difference between the IDV provider and the Sumsub authenticator?

The IDV provider performs identity proofing, establishing who someone is (for example, document and selfie), at account management moments such as onboarding/enrollment, recovery, and unlock, and returns verified identity claims your Okta policies can use.

The authenticator is a verification step used as a login factor at sign-in or step-up; it signals a pass/fail (a valid token = the user passed) rather than returning identity claims.

Both trigger a Sumsub verification level you configure during setup.

Can Sumsub run AML or sanctions screening, not just document checks?Yes. The verification level you assign can include document and biometric checks, AML/PEP/sanctions screening, address and age verification, and more.
Does the integration require custom development?No. The integration is enabled from the Sumsub Dashboard and configured through Okta policies. No SDKs or custom code involved.
How is identity data handled?Verification is performed by Sumsub, which is built privacy-first and holds recognized compliance certifications. For more information, refer to the Sumsub Trust Center.