New Capability: Integrate MS Entra Verified ID into Non-Employee Self-Registration

Description

SailPoint Non-Employee Risk Management is excited to announce a new integration with Microsoft Entra Verified ID, enabling a secure, streamlined, and trusted way to verify identities and issue digital credentials during self-service onboarding.

With this integration, customers can connect their own Microsoft Entra tenant to our platform and leverage Microsoft’s Verified ID Identity Verification Partners to complete identity proofing.

New Capabilities

  • Seamless Onboarding
    • Prospective non-employees can verify their identity within Non-Employee Risk Management’s self-service registration flows, using Microsoft’s trusted verification partners.
  • Digital Credentialing
    • With Microsoft Entra Verified ID, organizations can issue digital credentials to their non-employees once they complete proofing, confirming that their identity requirements have been met prior to being onboarded.
    • Non-Employee Risk Management admins can configure multiple digital credential types that can be accepted in a registration workflow, or even separate credential requirements on different workflows.
  • Biometric Face Check
    • Registrants can complete a Face Check in the Microsoft Authenticator app, confirming they are who they claim to be. This can be completed against the digital credentials issued during the registration flow, or existing credentials that the organization chooses to accept (such as digital IDs issued by business partners or governments).

Problem

  • Reducing Fraud Risk – By verifying identity at the point of onboarding, organizations minimize the chance of fraudulent registrations.
  • Lowering Operational Overhead – Automated identity proofing eliminates manual checks, reducing time and cost for HR, IT, and compliance teams.
  • Improving User Experience – Self-service onboarding with fast biometric verification creates a frictionless process for new users and partners.
  • Strengthening Trust – Digital credentials create a verifiable identity record that can be reused across services, reducing repeated checks.

Solution

The ability to use Microsoft Entra Verified ID to complete Identity Verification will be configured in Non-Employee Risk Management registration workflows.

Steps

  • Configuration

Note: To use this integration, customers must have the Microsoft Entra Verified ID feature enabled in their MS Entra tenant.

  • This option is available in the Non-Employee Risk Management Portal registration workflow configuration, within the Identity Proofing workflow action.
  • Admin → Collaboration → Workflows → Portal Registration → create or edit workflow → select Identity Proofing action

  • Select vendor Microsoft Entra ID
  • Configure Client ID and Client Secret for your MS Entra Tenant

  • Configure Login Hints.
    • These are the first and last name attributes that will be collected from your registrants in the registration form.
    • They must map to a Non-Employee Risk Management attribute, which can be selected in the dropdowns.
    • The values that registrants provide for these attributes:
      • will be sent to the Identity Verification provider.
      • will be set on the Non-Employee profile created in Non-Employee Risk Management.
  • Configure Issuance Request Settings
    • These values should be found in your MS Entra Verified ID configuration

  • Configure Credential Verification Request Settings
    • You may configure multiple credential types that can be accepted

  • Registration flow
    • Registrant receives a link to the Non-Employee Risk Management registration page and enters an email address to verify.
    • Registrant enters the verification code from the email.
    • Registrant enters first and last name.
    • Registrant is presented with choices:
      • Create a Verifiable Credential - Complete identity verification and receive a credential via an MS Entra verification partner.
      • Use Verifiable Credential - Complete the registration process using a newly issued **or** existing credential (if configured by the organization).
    • To Create a Verifiable Credential
      • Click the button. The registrant is presented with a QR code; scanning it takes them to the partner site (as configured via Entra) to complete the Identity Proofing or verification process.
      • Once the credential is generated, it will be added to the registrant’s digital wallet in the **MS Authenticator app** and a confirmation will be presented on the registration page.
    • To Use a Verifiable Credential
      • Click the button. The registrant is presented with a QR code to scan on their device.
      • The QR code will bring up the Authenticator app, allowing them to verify the credential that matches the configuration set by the admin.
      • At this point, Face Check may be required via the Authenticator app, if configured by the admin.
      • Once authentication is complete via the app, the registrant will be presented with a confirmation message on the registration page.
      • Registrant may be prompted to complete additional steps, as configured on the registration workflow.

Who is affected?

  • The new workflow configuration will be available to all Non-Employee Risk Management customers
  • Only customers with MS Entra Verified ID feature enabled (via Entra) will be able to take advantage of the integration
  • Non-Employee Risk Management customers who wish to verify Identities and issue digital credentials

Action Required

  • Customers must have Microsoft Entra Verified ID enabled in their own Entra tenant.
  • Registrants must use the Microsoft Authenticator app on their smartphone.
  • Identity verification will leverage Microsoft’s verification partners. Customers who wish to use this aspect of the feature will need to configure or contract with these providers, via Microsoft.

Important Dates

  • Enablement to begin in sandbox tenants: October 20, 2025

  • Enablement to begin in production tenants: October 27, 2025
