27 Identity checks

Many organizations apply stringent identity checking procedures before allowing credentials to be issued to their employees.

You can configure a credential profile to prevent issuance unless the person has passed their identity checks and has their user data marked as approved; see section 27.1, User Data Approved checks.

Often, policy requires that these checks are repeated at defined periods. In this case, you can use the vetting date feature in MyID to prevent the issuance of credentials when the validity period of the identity check has expired; see section 27.2, Vetting date validity checks.

This feature also prevents the renewal of certificates if the person has not passed their identity checks, or if their identity checks will expire before the expiry date or renewal date of the certificates being renewed; see section 27.3, Certificate renewal checks.

You can configure a credential profile to restrict the lifetime of certificates to the vetting date; see section 27.4, Certificate lifetime restrictions.

You can configure MyID to send identity check email notifications to administrators and end users; see section 27.5, Configuring the identity check email notifications.