page_type | languages | products | description | urlFragment | ||
---|---|---|---|---|---|---|
sample |
|
|
Sample for integrating External Identities self-service sign-up with experian identity verification using API connectors |
active-directory-dotnet-external-identities-experian-identity-verification |
Experian External Identities self-service sign-up API connector integration
Azure Active Directory (Azure AD) External Identities enable you to provide self-service sign-up for external users so that collaboration is seamless and end-user friendly. API connectors enable you to leverage web APIs to integrate those self-service sign-up flows with external cloud systems.
Verifying a user's identity can be critical to securing an application from fraudulent and malicious actors and confidently allowing self-service sign-up. To accomplish this, you can use Experian's identity services including continuous and dynamic authentication, fraud risk analytics and identity verification capabilities through the Experian CrossCore platform.
This integration asks the external user multiple details using a self-service sign-up and uses Experian to determine whether the user should be allowed to successfully sign-up or not. The following attributes are used in making a pass/fail decision:
- Given Name
- MiddleName
- Surname
- Street Address
- City
- State/Province
- Postal Code
- Country/Region
- PhoneNumber
Contents
File/folder | Description |
---|---|
/CrossCoreExtIdApi |
Sample source code for custom web API. |
.gitignore |
Define what to ignore at commit time. |
CHANGELOG.md |
List of changes to the sample. |
CONTRIBUTING.md |
Guidelines for contributing to the sample. |
README.md |
This README file. |
LICENSE |
The license for the sample. |
Prerequisites
You must have an Azure Active Directory tenant.
Solution Components
The Experian integration is comprised of the following components:
- Experian -- A service that can be used to verify a user's identity using information provided by the user.
- Azure AD External Identities self-service sign-up - The way to allow external customers to sign-up as external users to your organization.
- Custom web API -- The provided API implements the integration between the Azure AD self-service sign-up user flow and the Experian service to perform identity verification on sign-up.
- API connector - Part of a self-service sign-up, allows you to connect the sign-up flow with the custom web API.
Create an Experian account
When you are ready to get an Experian account, sign up using this web form.
Deploy the API
Deploy the provided API code to an Azure service. The code can be published from Visual Studio, following these instructions.
Note the URL of the deployed service. This will be needed to configure the API connector with the required settings.
Configure the API
Application settings can be configured in the App service in Azure. This allows for settings to be securely configured without checking them into a repository. The API needs the following settings provided:
Application Setting Name | Source |
---|---|
CrossCore:TenantId | Experian account configuration |
CrossCore:OrgCode | Experian account configuration |
CrossCore:ApiEndpoint | Experian account configuration |
CrossCore:ClientReference | Experian account configuration |
CrossCore:ModelCode | Experian account configuration |
CrossCore:HdrRequestType | Experian account configuration |
CrossCore:OrgCode | Experian account configuration |
CrossCore:SignatureKey | Experian account configuration |
CrossCore:TenantId | Experian account configuration |
CrossCore:CertificateThumbprint | Experian certificate |
BasicAuth:ApiUsername | Set a username for accessing the API. |
BasicAuth:ApiPassword | Set a password for accessing the API. |
Integrate the API with External Identities self-service sign-up
Azure AD needs to be configured for use with external identities.
Configure a self-service sign-up user flow
Create a self-service sign-up user flow for registering external users to your tenant.
Before you create the user flow, create the custom attributes that Experian uses to to verify an identity:
- MiddleName
- PhoneNumber
When creating the user flow, the following must be selected under *User Attributes in order to collect the relevant information from the user:
- PhoneNumber
- MiddleName
- Given Name
- Postal Code
- Street Address
- State/Province
- Surname
- City
- Country/Region
Create an API Connector
After the Azure AD tenant has been configured for use with External Identities self-service sign-up, create an API connector
- Display Name: Choose a name such as 'Verify identity with Experian'.
- Endpoint URL: Use the URL created when publishing the API service.
- Username: Username defined in the API configuration above (BasicAuth:ApiUsername)
- Password: Password defined in the API configuration above (BasicAuth:ApiPassword)
Enable the API connector in the user flow
Enable the API connector for the user flow. Navigate to User flows (Preview), click the user flow you created, and click on API connectors. From here, click on the drop-down menu for Before creating the user and select the API connector (e.g. 'Verify identity with Experian').
End user experience
Your self-service sign-up user flow should now be calling the API when a user signs up. The API uses the Experian service to verify an account. If the user cannot be verified, the user will be shown an error message and asked to review their personal information.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.