diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_clear.svg b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_clear.svg new file mode 100644 index 00000000000..8d425e11563 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_clear.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_custom.svg b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_custom.svg new file mode 100644 index 00000000000..c2a10c0d7a2 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_custom.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_incode.svg b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_incode.svg new file mode 100644 index 00000000000..53913e3a681 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/icons/idv_incode.svg @@ -0,0 +1,4 @@ + + + + diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_clear.svg b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_clear.svg new file mode 100644 index 00000000000..8d425e11563 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_clear.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_custom.svg b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_custom.svg new file mode 100644 index 00000000000..c2a10c0d7a2 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_custom.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_incode.svg b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_incode.svg new file mode 100644 index 00000000000..53913e3a681 --- /dev/null 
+++ b/packages/@okta/vuepress-site/.vuepress/public/img/idp-logos/idv_incode.svg @@ -0,0 +1,4 @@ + + + + diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/afterappidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/afterappidpinokta.md new file mode 100644 index 00000000000..7d3ca9670d1 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/afterappidpinokta.md 
@@ -0,0 +1,157 @@ +## Create an Okta account management policy rule + +Use the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule) to create a rule that requires to verify users when they enroll a new authenticator. Create your own `POST` request body or copy the [example request](#okta-account-management-policy-rule-example-request) and input your values. + +Ensure that you’ve created a group for users who you want to verify with . For example, create a group called "CLEAR1 IDV test group". + +> **Note:** To add a rule using the Admin Console, see [Edit the Okta account management policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-edit-oamp). + +1. [Retrieve the Okta account management policy ID](/docs/guides/okta-account-management-policy/main/#retrieve-the-okta-account-management-policy-id). Use the Okta account management policy `id` as the `policyId` value in your `POST` request to create the IDV rule. + +1. Set the following request body parameters for the new IDV rule that you want to create: + + * Provide a `name` value. + * Use the Okta account management policy `id` as the `policyId` value. + * Set the group ID. Use the [List all groups call](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups) to find the `id` for the test group. + * Set the `verificationMethod` type to `ID_PROOFING`. + * Set the `verificationMethod.id` as the ID of the IdP that you created in the [previous section](#create-the-idv-vendor-in-okta). + * Set `appSignOn` access value to `ALLOW`. + * Use the following [Okta Expression Language](/docs/reference/okta-expression-language-in-identity-engine/) object: + + ```json + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + } + ``` + + This expression requires users to verify their identity with the IDV vendor when they enroll a new authenticator. + +1. 
Send the `POST /api/v1/policies/{policyId}/rules` request. + +### Okta account management policy rule example request + +```json +{ + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "type": "ACCESS_POLICY", + "system": false, + "conditions": { + "people": { + "groups": { + "include": + ["{groupId}"] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": "{IDVId}", + "type": "ID_PROOFING" + } + } + } +} +``` + +### Example response + +```json +{ + "id": "ruleId", + "status": "ACTIVE", + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "created": "2024-11-14T21:16:55.000Z", + "lastUpdated": "2024-11-14T21:16:55.000Z", + "system": false, + "conditions": { + "people": { + "users": { + "exclude": [] + }, + "groups": { + "include": [ + {"groupId"} + ] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": {"IDVId"}, + "type": "ID_PROOFING" + } + } + }, + "_links": { + "self": { + "href": "https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7", + "hints": { + "allow": [ + "GET", + "PUT", + "DELETE" + ] + } + }, + "deactivate": { + "href": "https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7/lifecycle/deactivate", + "hints": { + "allow": [ + "POST" + ] + } + } + }, + "type": "ACCESS_POLICY" +} +``` + +## Test the integration + +You now have a project in a Sandbox environment. 
You can configure different IDV settings in the Sandbox environment and perform test verifications to see how your IDV flow works. + +1. Go to your dashboard. +1. Go to **Projects** and select your project. +1. Click **Preview**. +1. Click **Generate** to create a link to a test verification session. +1. Open the generated link in a new browser tab. + +You can use the link to test the IDV flow or you can share it with others. In the Sandbox environment, no actual verifications are performed. You can use test credentials to complete the verification. The test verification doesn't interact with Okta so you can only test the IDV flow. + +To test the integration with Okta, you must use a real user account with verifiable user information and use a Production environment project. For example, if your IDV flow requires a government-issued ID, your user account must have an ID that matches that requirement. + +When you're ready to go live with your project, you can publish your project to the Production environment. See [Going Live with ](http://docs.clearme.com/docs/going-live-with-clear). + +> **Note:** Your user may not be able to complete the IDV flow if their information doesn't match the verifiable information required by your IDV vendor. Review the [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) if you encounter errors when testing the IDV flow. See [Identity verification events](/docs/guides/idv-integration/main/#identity-verification-events) for information about IDV events in the System Log. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/alternateusecase.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/alternateusecase.md new file mode 100644 index 00000000000..07f2b380d13 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/alternateusecase.md 
@@ -0,0 +1,23 @@ +#### Verify user identity only when they enroll an authenticator + +``` +accessRequest.operation == 'enroll' +``` + +#### Verify user identity only when they reset their password + +``` +accessRequest.authenticator.key == 'okta_password' && accessRequest.operation == 'recover' +``` + +#### Verify user identity only when they enroll phishing-resistant authenticators + +``` +{ + 'okta_verify', + 'webauthn', + 'smart_card_idp', + 'yubikey_token' +}.contains(accessRequest.authenticator.key) && +accessRequest.operation == 'enroll' +``` diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appatidp.md new file mode 100644 index 00000000000..c8f30ab3b6b --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appatidp.md 
@@ -0,0 +1,25 @@ +At [](https://workforce.incode.com/overview), follow these steps to create a app: + +1. Go to your dashboard. +1. [Create a project](https://docs.clearme.com/docs/create-project). +1. In the **IDV builder** tab, configure how you want to verify your users. +1. After you've configured your IDV settings, click **Save**. + > **Note:** You can always return to the **IDV builder** tab to make other changes to your project. +1. Click **Publish**. Set the **Environment** as **Sandbox** and then click **Publish** again. +1. Go to **Integrations**, and select the **OpenID Connect** tab. +1. Click **Add client ID & secret**. +1. Select **Okta** as the OIDC configuration. +1. In the first drop-down menu, select **Sandbox**. In the other drop-down menu, select your project name. +1. Click **Next**. +1. Copy the **Client ID** and **Client Secret** values into a text editor. You need these values in the next section. +1. Under **URI allowlist**, enter your Okta org's domain and append `/idp/identity-verification/callback`. For example: `https://{yourOktadomain}.okta.com/idp/identity-verification/callback` + * The redirect URI is the location where sends the verification response. The URI sent in the verification request from the client needs to match the redirect URI set at the IDV vendor. Ensure that the URI is located in a secure domain that you own. + * For example, if your Okta subdomain is called `company`, then the URL would be: `company.okta.com.` If you’ve configured a custom domain in your Okta org, use that value to construct your redirect URI, such as `login.company.com.` + * Include all base domains (Okta domain and custom domain) that your users interact with in the allowed redirect URI list. +1. Click **Done**. + +### Other IDV vendor configuration + +There are more settings for the app that you can configure. The steps in this guide address the quickest route to set up as an IDV vendor with Okta. 
+ +See the [ documentation](https://docs.clearme.com/docs/okta) for more information about other configuration settings. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appidpinokta.md new file mode 100644 index 00000000000..6a35ea856d9 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/appidpinokta.md 
@@ -0,0 +1,136 @@ +Use the [IdP API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) to add as an IDV vendor in Okta. Create your own `POST` request body or copy the [example request](#example-request) and input your values. + +> **Note:** To add using the Admin Console, see [Add an Identity Verification vendor as Identity Provider](https://help.okta.com/okta_help.htm?type=oie&id=id-verification). + +1. Set the following request body parameters: + + * Enter a value for `name`. + * Set `type` to `IDV_CLEAR`. + * Set `ID_PROOFING` as the protocol type. + * Use the **Client ID** and **Client Secret** values from the [previous section](#create-an-app-at-the-idv-vendor) as the `client_id` and `client_secret` values. + * Set the `scopes` array to include the `profile`, `identity_assurance`, and `openid` scopes. + * `profile`: This scope allows the IDV vendor to request access to basic user profile information from Okta. + * `identity_assurance`: This scope requests access to the `verified_claims` object so that the IDV vendor can send and receive information about the level of assurance of the IDV flow. + * `openid`: This scope is required to make the request an OpenID Connect (OIDC) request. + +1. Send the `POST /api/v1/idps` request. + +1. After you create the IDV vendor, copy the value of `id` from the response body and paste it into a text editor. Use it in the next section. 
+ +### Example request + +```json +{ + "type": "IDV_CLEAR", + "name": "CLEAR1 IDV", + "protocol": { + "type": "ID_PROOFING", + "scopes": [ + "profile", + "identity_assurance", + "openid" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "accountLink": { + "filter": null, + "action": "AUTO" + }, + "subject": { + "userNameTemplate": { + "template": "source.userName" + }, + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0 + } +} +``` + +### Example response + +```json +{ + "id": "0oab50jh0UPiB6xde0w6", + "name": "CLEAR1 IDV", + "status": "ACTIVE", + "created": "2025-01-14T19:59:41.000Z", + "lastUpdated": "2025-01-14T19:59:41.000Z", + "protocol": { + "type": "ID_PROOFING", + "endpoints": { + "authorization": { + "url": "https://verified.clearme.com/oauth/idv_authorize", + "binding": "HTTP-REDIRECT" + }, + "token": { + "url": "https://verified.clearme.com/hydra/oauth2/token", + "binding": "HTTP-POST" + }, + "par": { + "url": "https://verified.clearme.com/oauth/par", + "binding": "HTTP-POST" + } + }, + "scopes": [ + "openid", + "profile", + "identity_assurance" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "subject": { + "userNameTemplate": { + "template": "source.userName" + }, + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0 + }, + "type": "IDV_CLEAR", + "_links": { + "users": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oab50jh0UPiB6xde0w6/users", + "hints": { + "allow": [ + "GET" + ] + } + }, + "deactivate": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oab50jh0UPiB6xde0w6/lifecycle/deactivate", + "hints": 
{ + "allow": [ + "POST" + ] + } + } + } +} +``` diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idp.md new file mode 100644 index 00000000000..55dac211b31 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idp.md @@ -0,0 +1 @@ +CLEAR1 diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idpaccount.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idpaccount.md new file mode 100644 index 00000000000..90b602c9b77 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/idpaccount.md @@ -0,0 +1 @@ +[CLEAR1](https://docs.clearme.com/docs/okta) diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/learningoutcome.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/learningoutcome.md new file mode 100644 index 00000000000..d4a181bada6 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/clear/learningoutcome.md @@ -0,0 +1,20 @@ +## + +This document explains how to configure , an identity verification (IDV) vendor, as an identity provider (IdP) for your org. You can configure as an IdP in your org by creating an account with , adding it as an IdP in Okta, and then testing the configuration. +

+ +> **Note:** works as an IDV vendor, but is listed as an IdP in the Admin Console. This guide refers to as an IDV vendor. + +--- + +#### Learning outcomes + +Configure an IDV vendor so that your user’s identities are verified when they enroll a new authenticator. + +#### What you need + +* [Okta Integrator Free Plan org](https://developer.okta.com/signup) +* An account with +* A new [group](https://help.okta.com/okta_help.htm?type=oie&id=usgp-groups-create) in your org for IDV users + +--- diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/afterappidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/afterappidpinokta.md new file mode 100644 index 00000000000..79fc456543f --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/afterappidpinokta.md 
@@ -0,0 +1,149 @@ +## Create an Okta account management policy rule + +Use the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule) to create a rule that requires your custom IDV vendor to verify users when they enroll a new authenticator. Create your own `POST` request body or copy the [example request](#okta-account-management-policy-rule-example-request) and input your values. + +Ensure that you’ve created a group for users who you want to verify with your custom IDV vendor. For example, create a group called "Custom IDV test group". + +> **Note:** To add a rule using the Admin Console, see [Edit the Okta account management policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-edit-oamp). + +1. [Retrieve the Okta account management policy ID](/docs/guides/okta-account-management-policy/main/#retrieve-the-okta-account-management-policy-id). Use the Okta account management policy `id` as the `policyId` value in your `POST` request to create the IDV rule. + +1. Set the following request body parameters for the new IDV rule that you want to create: + + * Provide a `name` value. + * Use the Okta account management policy `id` as the `policyId` value. + * Set the group ID. Use the [List all groups call](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups) to find the `id` for the test group. + * Set the `verificationMethod` type to `ID_PROOFING`. + * Set the `verificationMethod` > `id` as the ID of the custom IDV vendor IdP that you created in the [previous section](#create-the-idv-vendor-in-okta). + * Set `appSignOn` access value to `ALLOW`. 
+ * Use the following [Okta Expression Language](/docs/reference/okta-expression-language-in-identity-engine/) object: + + ```json + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + } + ``` + + This expression requires users to verify their identity with the IDV vendor when they enroll a new authenticator. + +1. Send the `POST /api/v1/policies/{policyId}/rules` request. + +### Okta account management policy rule example request + +```json +{ + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "type": "ACCESS_POLICY", + "system": false, + "conditions": { + "people": { + "groups": { + "include": + ["{groupId}"] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": "{IDVId}", + "type": "ID_PROOFING" + } + } + } +} +``` + +### Example response + +```json +{ + "id": "ruleId", + "status": "ACTIVE", + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "created": "2024-11-14T21:16:55.000Z", + "lastUpdated": "2024-11-14T21:16:55.000Z", + "system": false, + "conditions": { + "people": { + "users": { + "exclude": [] + }, + "groups": { + "include": [ + {"groupId"} + ] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": {"IDVId"}, + "type": "ID_PROOFING" + } + } + }, + "_links": { + "self": { + "href": "https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7", + "hints": { + "allow": [ + "GET", + "PUT", + "DELETE" + ] + } + }, + "deactivate": { + "href": 
"https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7/lifecycle/deactivate", + "hints": { + "allow": [ + "POST" + ] + } + } + }, + "type": "ACCESS_POLICY" +} +``` + +## Test the integration + +After you've configured your custom IDV vendor and created the Okta account management policy rule, you can test the integration. + +Testing the integration can depend on your IDV vendor. Depending on your vendor, you might be able to use a sandbox environment to complete the verification. Refer to your IDV vendor's documentation for more information about testing the integration. + +However, there's a simple way to test if the Okta account management policy and IDV vendor are set up correctly in your org. Try to enroll an authenticator using your test user. If your IDV vendor and policy are set up correctly, that user is prompted to verify their identity with the IDV vendor before they can complete the enrollment. + +> **Note:** Your user may not be able to complete the IDV flow if their information doesn't match the verifiable information required by your IDV vendor. Review the [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) if you encounter errors when testing the IDV flow. See [Identity verification events](/docs/guides/idv-integration/main/#identity-verification-events) for information about IDV events in the System Log. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/alternateusecase.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/alternateusecase.md new file mode 100644 index 00000000000..249cd4a04fd --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/alternateusecase.md 
@@ -0,0 +1,23 @@ +#### Verify user identity only when they enroll an authenticator + +``` +accessRequest.operation == 'enroll' +``` + +#### Verify user identity only when they reset their password + +``` +accessRequest.authenticator.key == 'okta_password' && accessRequest.operation == 'recover' +``` + +#### Verify user identity only when they enroll phishing-resistant authenticators + +``` +{ + 'okta_verify', + 'webauthn', + 'smart_card_idp', + 'yubikey_token' +}.contains(accessRequest.authenticator.key) && +accessRequest.operation == 'enroll' +``` \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appatidp.md new file mode 100644 index 00000000000..5c13764a66c --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appatidp.md 
@@ -0,0 +1,21 @@ +When you create a custom IDV vendor integration in your org, the vendor must first provide the following information: + +| Requirement | Description | +|-----------------|-------------------------------| +| Instance name | The vendor must have a client app that can communicate with Okta. The **Instance name** is the unique name of that app. | +| End user license agreement (EULA) | The vendor must provide a URL that links to an EULA that your users must accept before using the IDV vendor. | +| Vendor name | The vendor must provide a name that identifies the IDV vendor. This name is displayed to users during IDV flows, in the Sign-In Widget. | +| Privacy policy | The vendor must provide a URL that links to a privacy policy that explains the vendor's privacy practices. | +| Client ID | The vendor must provide a client identifier for the app that you create at the vendor. | +| Client secret | The vendor must provide a client secret for the app that you create at the vendor. | +| Issuer URL | The vendor must provide a URL that identifies the IDV vendor. This is the base URL for the IDV vendor’s authorization server.

This URL identifies the IDV vendor and is used as the issuer in OAuth 2.0 and OpenID Connect (OIDC) requests. Okta uses it to verify tokens and establish trust during the IDV flow. | +| PAR request URL | The vendor must provide a URL that Okta uses to send pushed authorization requests (PAR) to the IDV vendor.

Okta sends a POST request to this URL to initiate a verification session and to transmit user claims and verification parameters. | +| Authorize URL | The vendor must provide a URL that Okta uses to redirect users to the IDV vendor for identity verification. | +| Token URL | The vendor must provide a URL that Okta uses to exchange the authorization code for an access token and an ID token. | +| JWKS URL | The vendor must provide a URL that Okta uses to retrieve JSON Web Key Set (JWKS) from the IDV vendor. | + +For more information about these requirements, see [Integrate Okta with identity verification vendors](/docs/guides/idv-integration/). + +After your IDV vendor provides this information, you can create the IdP integration in your org. + +> **Note:** Your IDV vendor might have other configuration settings. Refer to your IDV vendor's documentation for more information about other configuration settings. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appidpinokta.md new file mode 100644 index 00000000000..c479c90c11a --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/appidpinokta.md 
@@ -0,0 +1,188 @@ +Use the [IdP API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) to add your custom IDV vendor in Okta. Create your own `POST` request body or copy the [example request](#example-request) and input your values. + +> **Note:** To add a custom IDV vendor using the Admin Console, see [Add an Identity Verification vendor as Identity Provider](https://help.okta.com/okta_help.htm?type=oie&id=id-verification). + +1. Set the following request body parameters: + + * Enter a value for `name`. + * Set `type` to `IDV_STANDARD`. + * Set `ID_PROOFING` as the protocol type. + * Use the **Client ID** and **Client Secret** values from the [previous section](#create-an-app-at-the-idv-vendor) as the `client_id` and `client_secret` values. + * Use the URLs that your IDV vendor provided in the following parameters: + * `issuer.url`: The **Issuer URL** that your IDV vendor provided. + * `endpoints.par.url`: The **PAR request URL** that your IDV vendor provided. + * `endpoints.authorization.url`: The **Authorize URL** that your IDV vendor provided. + * `endpoints.token.url`: The **Token URL** that your IDV vendor provided. + * `endpoints.jwks.url`: The **JWKS URL** that your IDV vendor provided. + * Set the `properties.idvMetadata` object values: + * `vendorDisplayName`: The **Vendor name** that your IDV vendor provided. + * `termsOfUse`: The **End user license agreement (EULA)** URL that your IDV vendor provided. + * `privacyPolicy`: The **Privacy policy** URL that your IDV vendor provided. + * Set the `scopes` array to include the `profile`, `identity_assurance`, and `openid` scopes. + * `profile`: This scope allows the IDV vendor to request access to basic user profile information from Okta. 
+ * `identity_assurance`: This scope requests access to the `verified_claims` object so that the IDV vendor can send and receive information about the level of assurance of the IDV flow. + * `openid`: This scope is required to make the request an OpenID Connect (OIDC) request. + +1. Send the `POST /api/v1/idps` request. + +1. After you create the IDV vendor, copy the value of `id` from the response body and paste it into a text editor. Use it in the next section. + +### Example request + +```json +{ + "type": "IDV_STANDARD", + "name": "Custom IDV", + "protocol": { + "type": "ID_PROOFING", + "endpoints": { + "par": { + "url": "https://idv.example.com/par", + "binding": "HTTP-REDIRECT" + }, + "authorization": { + "url": "https://idv.example.com/authorize", + "binding": "HTTP-REDIRECT" + }, + "token": { + "url": "https://idv.example.com/token", + "binding": "HTTP-POST" + }, + "jwks": { + "url": "https://idv.example.com/jwks", + "binding": "HTTP-REDIRECT" + } + }, + "issuer": { + "url": "https://idv.example.com" + }, + "scopes": [ + "profile", + "identity_assurance", + "openid" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "accountLink": { + "filter": null, + "action": "AUTO" + }, + "subject": { + "userNameTemplate": { + "template": "source.userName" + }, + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0 + }, + "properties": { + "idvMetadata": { + "vendorDisplayName": "Custom IDV", + "termsOfUse": "https://idv.example.com/terms", + "privacyPolicy": "https://idv.example.com/privacy" + } + } +} +``` + +### Example response + +```json +{ + "id": "0oa2pstvoFV4GYCw30g5", + "name": "Custom IDV IdP", + "status": "ACTIVE", + "created": "2025-01-15T20:54:04.000Z", + "lastUpdated": "2025-01-15T20:54:05.000Z", + "protocol": { + "type": "ID_PROOFING", + 
"endpoints": { + "par": { + "url": "https://idv.example.com/par", + "binding": "HTTP-REDIRECT" + }, + "authorization": { + "url": "https://idv.example.com/authorize", + "binding": "HTTP-REDIRECT" + }, + "token": { + "url": "https://idv.example.com/token", + "binding": "HTTP-POST" + }, + "jwks": { + "url": "https://idv.example.com/jwks", + "binding": "HTTP-REDIRECT" + }, + "issuer": { + "url": "https://idv.example.com" + }, + "scopes": [ + "openid", + "profile", + "identity_assurance" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "subject": { + "userNameTemplate": { + "template": "source.userName", + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0, + "properties": { + "idvMetadata": { + "vendorDisplayName": "Custom IDV", + "termsOfUse": "https://idv.example.com/terms", + "privacyPolicy": "https://idv.example.com/privacy" + } + } + }, + "type": "IDV_STANDARD", + "_links": { + "users": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oa2pstvoFV4GYCw30g5/users", + "hints": { + "allow": [ + "GET" + ] + } + }, + "deactivate": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oa2pstvoFV4GYCw30g5/lifecycle/deactivate", + "hints": { + "allow": [ + "POST" + ] + } + } + } + } + } + } +} +``` diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idp.md new file mode 100644 index 00000000000..08e70f719b8 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idp.md @@ -0,0 +1 @@ +Custom IDV vendor 
diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idpaccount.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idpaccount.md new file mode 100644 index 00000000000..4773fbb1f61 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/idpaccount.md @@ -0,0 +1 @@ +[Persona](https://help.withpersona.com/articles/58NE2qRFCBoh1ogfpB7Q1J/index.html) diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/learningoutcome.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/learningoutcome.md new file mode 100644 index 00000000000..c766483e72a --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/customidv/learningoutcome.md @@ -0,0 +1,22 @@ +## + +This document explains how to configure a custom IDV vendor as an identity provider (IdP) for your org. You can configure a custom IDV vendor as an IdP in your org by creating an account with the vendor, adding it as an IdP in Okta, and then testing the configuration. If you don't have a custom IDV vendor that you want to use, [you can create your own IDV service](/docs/guides/idv-integration/) and use this guide to add it as an IdP. +

+ +> **Note:** IDV vendors are listed as IdPs in the Admin Console. This guide refers to the custom IDV vendor as an IDV vendor. + +--- + +#### Learning outcomes + +Configure a custom IDV vendor so that your user’s identities are verified when they enroll a new authenticator. + +#### What you need + +* [Okta Integrator Free Plan org](https://developer.okta.com/signup) +* [An IDV vendor that's integrated with Okta](/docs/guides/idv-integration/) +* An account with the custom IDV vendor +* A test [user account](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-add-users) that you can use to enroll an authenticator +* A test [group](https://help.okta.com/okta_help.htm?type=oie&id=usgp-groups-create) in your org that the test user is added to + +--- diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/afterappidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/afterappidpinokta.md new file mode 100644 index 00000000000..aa8ea5add58 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/afterappidpinokta.md 
@@ -0,0 +1,157 @@ +## Create an Okta account management policy rule + +Use the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule) to create a rule that requires to verify users when they enroll a new authenticator. Create your own `POST` request body or copy the [example request](#okta-account-management-policy-rule-example-request) and input your values. + +Ensure that you’ve created a user account and group for that user. For example, add the user to a group called " IDV test group". + +> **Note:** To add a rule using the Admin Console, see [Edit the Okta account management policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-edit-oamp). + +1. [Retrieve the Okta account management policy ID](/docs/guides/okta-account-management-policy/main/#retrieve-the-okta-account-management-policy-id). Use the Okta account management policy `id` as the `policyId` value in your `POST` request to create the IDV rule. + +1. Set the following request body parameters for the new IDV rule that you want to create: + + * Provide a `name` value. + * Use the Okta account management policy `id` as the `policyId` value. + * Set the group ID. Use the [List all groups call](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups) to find the `id` for the test group. + * Set the `verificationMethod` type to `ID_PROOFING`. + * Set the `verificationMethod.id` as the ID of the IdP that you created in the [previous section](#create-the-idv-vendor-in-okta). + * Set `appSignOn` access value to `ALLOW`. + * Use the following [Okta Expression Language](/docs/reference/okta-expression-language-in-identity-engine/) object: + + ```json + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + } + ``` + + This expression requires users to verify their identity with the IDV vendor when they enroll a new authenticator. + +1. 
Send the `POST /api/v1/policies/{policyId}/rules` request. + +### Okta account management policy rule example request + +```json +{ + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "type": "ACCESS_POLICY", + "system": false, + "conditions": { + "people": { + "groups": { + "include": + ["{groupId}"] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": "{IDVId}", + "type": "ID_PROOFING" + } + } + } +} +``` + +### Example response + +```json +{ + "id": "ruleId", + "status": "ACTIVE", + "name": "Require IDV for authenticator enrollment", + "priority": 1, + "created": "2024-11-14T21:16:55.000Z", + "lastUpdated": "2024-11-14T21:16:55.000Z", + "system": false, + "conditions": { + "people": { + "users": { + "exclude": [] + }, + "groups": { + "include": [ + {"groupId"} + ] + } + }, + "network": { + "connection": "ANYWHERE" + }, + "riskScore": { + "level": "ANY" + }, + "elCondition": { + "condition": "accessRequest.operation == 'enroll'" + }, + "userType": { + "include": [], + "exclude": [] + } + }, + "actions": { + "appSignOn": { + "access": "ALLOW", + "verificationMethod": { + "id": {"IDVId"}, + "type": "ID_PROOFING" + } + } + }, + "_links": { + "self": { + "href": "https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7", + "hints": { + "allow": [ + "GET", + "PUT", + "DELETE" + ] + } + }, + "deactivate": { + "href": "https://{yourOktadomain}/api/v1/policies/rstjqw4t47yn9lXUK5d7/rules/rull5mrtqkAVfIyWT5d7/lifecycle/deactivate", + "hints": { + "allow": [ + "POST" + ] + } + } + }, + "type": "ACCESS_POLICY" +} +``` + +## Test the integration + +After you've configured as an IDV vendor and created the Okta account management policy rule, you can test the 
integration. + +You can test the integration directly from your app. However, you must use a real user account with verifiable user information. For example, if your IDV flow requires a government-issued ID, your user account must have an ID that matches that requirement. + +1. Go to your dashboard. +1. Go to **Helpdesk Verification**. +1. Under **Employee**, select the user you want to test the IDV flow with. +1. Under **Verification method**, select **Via sharing a Link**. +1. Click **Generate Verification & Copy Link**. The link is copied to your clipboard. +1. Paste the link into a new browser tab to open it. +1. Complete the IDV flow. + +To verify that the Okta account management policy and are set up correctly in your org, try to enroll an authenticator with your user. If your IDV vendor and policy are set up correctly, that user is prompted to verify their identity with the IDV vendor before they can complete the enrollment. + +> **Note:** Your user may not be able to complete the IDV flow if their information doesn't match the verifiable information required by your IDV vendor. Review the [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) if you encounter errors when testing the IDV flow. See [Identity verification events](/docs/guides/idv-integration/main/#identity-verification-events) for information about IDV events in the System Log. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/alternateusecase.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/alternateusecase.md new file mode 100644 index 00000000000..249cd4a04fd --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/alternateusecase.md 
@@ -0,0 +1,23 @@ +#### Verify user identity only when they enroll an authenticator + +``` +accessRequest.operation == 'enroll' +``` + +#### Verify user identity only when they reset their password + +``` +accessRequest.authenticator.key == 'okta_password' && accessRequest.operation == 'recover' +``` + +#### Verify user identity only when they enroll phishing-resistant authenticators + +``` +{ + 'okta_verify', + 'webauthn', + 'smart_card_idp', + 'yubikey_token' +}.contains(accessRequest.authenticator.key) && +accessRequest.operation == 'enroll' +``` \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appatidp.md new file mode 100644 index 00000000000..108f610a261 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appatidp.md 
@@ -0,0 +1,10 @@ +There are two steps to configure Incode as an IDV vendor in Okta: + +1. At [Incode](https://workforce.incode.com/overview), follow these steps to create an Okta IDV integration: [Create Okta IDV Integration in Incode Workforce](https://workforce.developer.incode.com/docs/incode-okta-idv-configuration#step-1-create-okta-idv-integration-in-incode-workforce). Ensure that you copy the **Client ID** and **Client Secret** values into a text editor. You need these values in the next section. +2. Then, integrate your user directory in Okta with Incode. Follow these steps to integrate your user directory in your Incode app: [Incode Directory Sync Integration with Okta IAM](https://workforce.developer.incode.com/docs/okta-service-app-api-integration). Use your test group ID when syncing your test group in your Incode app. + +### Other IDV vendor configuration + +There are more settings for the Incode app that you can configure. The steps in this guide address the quickest route to set up Incode as an IDV vendor with Okta. + +See the [Incode documentation](https://workforce.developer.incode.com/docs/setup-wizard-guide#step-2-configure-verification-policy) for more information about other configuration settings. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appidpinokta.md new file mode 100644 index 00000000000..c00aec6b03c --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/appidpinokta.md 
@@ -0,0 +1,136 @@ +Use the [IdP API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) to add as an IDV vendor in Okta. Create your own `POST` request body or copy the [example request](#example-request) and input your values. + +> **Note:** To add using the Admin Console, see [Add an Identity Verification vendor as Identity Provider](https://help.okta.com/okta_help.htm?type=oie&id=id-verification). + +1. Set the following request body parameters: + + * Enter a value for `name`. + * Set `type` to `IDV_INCODE`. + * Set `ID_PROOFING` as the protocol type. + * Use the **Client ID** and **Client Secret** values from the [previous section](#create-an-app-at-the-idv-vendor) as the `client_id` and `client_secret` values. + * Set the `scopes` array to include the `profile`, `identity_assurance`, and `openid` scopes. + * `profile`: This scope allows the IDV vendor to request access to basic user profile information from Okta. + * `identity_assurance`: This scope requests access to the `verified_claims` object so that the IDV vendor can send and receive information about the level of assurance of the IDV flow. + * `openid`: This scope is required to make the request an OpenID Connect (OIDC) request. + +1. Send the `POST /api/v1/idps` request. + +1. After you create the IDV vendor, copy the value of `id` from the response body and paste it into a text editor. Use it in the next section. 
+ +### Example request + +```json +{ + "type": "IDV_INCODE", + "name": "Incode IDV", + "protocol": { + "type": "ID_PROOFING", + "scopes": [ + "profile", + "identity_assurance", + "openid" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "accountLink": { + "filter": null, + "action": "AUTO" + }, + "subject": { + "userNameTemplate": { + "template": "source.userName" + }, + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0 + } +} +``` + +### Example response + +```json +{ + "id": "0oaf35tu47hnH9mlZ0w6", + "name": "Incode IDV", + "status": "ACTIVE", + "created": "2025-01-15T20:54:04.000Z", + "lastUpdated": "2025-01-15T20:54:05.000Z", + "protocol": { + "type": "ID_PROOFING", + "endpoints": { + "authorization": { + "url": "https://auth.incode.com/oauth2/authorize", + "binding": "HTTP-REDIRECT" + }, + "token": { + "url": "https://auth.incode.com/oauth2/token", + "binding": "HTTP-POST" + }, + "par": { + "url": "https://auth.incode.com/oauth2/par", + "binding": "HTTP-POST" + } + }, + "scopes": [ + "openid", + "profile", + "identity_assurance" + ], + "credentials": { + "client": { + "client_id": "your-client-id", + "client_secret": "your-client-secret" + } + } + }, + "policy": { + "provisioning": { + "action": "DISABLED", + "profileMaster": false, + "groups": null + }, + "subject": { + "userNameTemplate": { + "template": "source.userName" + }, + "filter": null, + "matchType": "USERNAME", + "matchAttribute": null + }, + "maxClockSkew": 0 + }, + "type": "IDV_INCODE", + "_links": { + "users": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oaf35tu47hnH9mlZ0w6/users", + "hints": { + "allow": [ + "GET" + ] + } + } + }, + "deactivate": { + "href": "https://{yourOktaDomain}/api/v1/idps/0oaf35tu47hnH9mlZ0w6/lifecycle/deactivate", + "hints": { + "allow": [ + 
"POST" + ] + } + } +} +``` diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idp.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idp.md new file mode 100644 index 00000000000..aad717d8987 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idp.md @@ -0,0 +1 @@ +Incode diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idpaccount.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idpaccount.md new file mode 100644 index 00000000000..482315ed9e3 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/idpaccount.md @@ -0,0 +1 @@ +[Incode](https://workforce.developer.incode.com/docs/incode-okta-idv-configuration) diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/learningoutcome.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/learningoutcome.md new file mode 100644 index 00000000000..de2cb0a1df5 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/incode/learningoutcome.md @@ -0,0 +1,21 @@ +## + +This document explains how to configure , an identity verification (IDV) vendor, as an identity provider (IdP) for your org. You can configure as an IdP in your org by creating an account with , adding it as an IdP in Okta, and then testing the configuration. +

+ +> **Note:** works as an IDV vendor, but is listed as an IdP in the Admin Console. This guide refers to as an IDV vendor. + +--- + +#### Learning outcomes + +Configure an IDV vendor so that your user’s identities are verified when they enroll a new authenticator. + +#### What you need + +* [Okta Integrator Free Plan org](https://developer.okta.com/signup) +* An account with +* A real [user account](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-add-users) with verifiable user information +* A test [group](https://help.okta.com/okta_help.htm?type=oie&id=usgp-groups-create) in your org that the user is added to + +--- diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/index.md index adb757a5f25..abd6e63e3ed 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/index.md 
@@ -5,31 +5,7 @@ meta: content: Okta supports identity verification with external enterprise identity verification vendors. Get an overview of the process and prerequisites, as well as the setup instructions. --- -## - -This document explains how to configure , an identity verification (IDV) vendor, as an identity provider (IdP) for your app. You can configure as an IdP in your org by creating an account with , adding it as an IdP in Okta, and then testing the configuration. - -> **Note:** works as an IDV vendor, but is listed as an IdP in the Admin Console. This guide refers to as an IDV vendor. - -Okta manages the connection to the IDV vendor for your app, sitting between your app and the vendor that verifies your users. When a user signs in, you can verify their identity by having them submit a proof of identity to the IDV vendor. - ---- - -#### Learning outcomes - -Configure an IDV vendor so that your user’s identities are verified when they enroll a new authenticator. - -> **Note:** This guide describes the process for setting up an IDV flow in a sandbox environment of a app. In a sandbox environment, there is no actual identity verification that verifies your user’s identities. You can use the same configuration process in a production environment in your app. - -#### What you need - -* [Okta Integrator Free Plan org](https://developer.okta.com/signup) -* An account with with access to a sandbox environment -* A test [user account](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-add-users) that you can use to enroll an authenticator -* A test [group](https://help.okta.com/okta_help.htm?type=oie&id=usgp-groups-create) in your org that the test user is added to -* A test [image](#test-image) to use as a proof of identity - ---- + ## What is an IDV vendor 
@@ -47,38 +23,27 @@ Because of its stricter verification, you might only use an IDV vendor for sensi - - -## Test the integration - -You can test your integration by using the rule that you configured in the [previous section](#create-an-okta-account-management-policy-rule). - -1. Sign in to your org as the user that you created. -1. Click your username. -1. Go to **My Settings**. -1. Select **Security Methods**, and then set up a new authenticator. - -If the IDV vendor is set up correctly, you’re prompted to verify your identity and redirected through the IDV flow. Then, the user you created can successfully enroll an authenticator. - -### Test image +### Map profile attributes from Okta to your IDV vendor -Use the following image if your verification template requires you to upload a photo. Save the image and then select it when you're prompted to upload a photo. + -
+After you've created the IDV vendor in Okta, you can map other profile attributes from your user directory to attributes in your IDV vendor. Okta sends the `givenName` and `familyName` attributes by default. You can map other attributes as needed. See [Map profile attributes from Okta to an identity verification vendor](https://help.okta.com/okta_help.htm?type=oie&id=idp-map-profile-attribs). -![Okta logo and brand name](/img/idv-test-image.png) - -
+ ## Alternate use cases -You can use to verify your user identities in different scenarios. Use the following Okta Expression Language expressions for different scenarios. +You can use your IDV vendor to verify your user identities in different scenarios. Use the following Okta Expression Language expressions for different scenarios. -> **Note:** You can use the [Okta account management policy rule](#create-an-okta-account-management-policy-rule) without any expression. If you don't use any expression in the rule then your user is prompted to verify their identity when the following events occur: +> **Note:** You can use the [Okta account management policy rule](#create-an-okta-account-management-policy-rule) without any expression. If you don't use any expression in the rule then your user is prompted to verify their identity when at least one of the following events occurs: +> +> * They enroll or unenroll authenticators. > -> * They enroll or unenroll authenticators +> * They edit their personal information in their **Settings**. > -> * They edit their personal information in their **My Settings** +> * They reset their password in **Settings** or in the Sign-in widget. +> +> * They unlock their account. @@ -91,5 +56,3 @@ When you test the integration, if you’re not redirected to the IDV flow, revie * Review the Okta account management policy rule. Ensure that you’ve added the correct Okta Expression Language expression and that the `verificationMethod` type is set to `ID_PROOFING`. * Ensure that your user has the authenticators that they're allowed to enroll. - -* Ensure that your API key was created in the sandbox environment. diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/afterappidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/afterappidpinokta.md index 32d21f0c1ad..762b2ae70b9 100644 
--- a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/afterappidpinokta.md +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/afterappidpinokta.md @@ -1,8 +1,8 @@ ## Create an Okta account management policy rule -Use the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule) to create a rule that requires users to be verified by the IDV vendor when they enroll a new authenticator. Create your own `POST` request body or copy the [example request](#okta-account-management-policy-rule-example-request) and input your values. +Use the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule) to create a rule that requires to verify users when they enroll a new authenticator. Create your own `POST` request body or copy the [example request](#okta-account-management-policy-rule-example-request) and input your values. -Ensure that you’ve created a user account and group for that user. For example, add the user to a group called “Persona IDV test group”. +Ensure that you’ve created a user account and group for that user. For example, add the user to a group called "Persona IDV test group". > **Note:** To add a rule using the Admin Console, see [Edit the Okta account management policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-edit-oamp). 
@@ -14,7 +14,7 @@ Ensure that you’ve created a user account and group for that user. For example * Use the Okta account management policy `id` as the `policyId` value. * Set the group ID. Use the [List all groups call](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups) to find the `id` for the test group. * Set the `verificationMethod` type to `ID_PROOFING`. - * Set the `verificationMethod` > `id` to the Okta Persona IdP that you created in the [previous section](#create-the-idv-vendor-in-okta). + * Set the `verificationMethod.id` to the Okta Persona IdP that you created in the [previous section](#create-the-idv-vendor-in-okta). * Set `appSignOn` access value to `ALLOW`. * Use the following [Okta Expression Language](/docs/reference/okta-expression-language-in-identity-engine/) object: 
@@ -137,3 +137,26 @@ Ensure that you’ve created a user account and group for that user. For example "type": "ACCESS_POLICY" } ``` + +## Test the integration + +You can test your integration by using the rule that you configured in the [previous section](#create-an-okta-account-management-policy-rule). + +1. Sign in to your org as the user that you created. +1. Click your username. +1. Go to **My Settings**. +1. Select **Security Methods**, and then set up a new authenticator. + +If the IDV vendor is set up correctly, you’re prompted to verify your identity and redirected through the IDV flow. Then, the user you created can successfully enroll an authenticator. + +> **Note:** Review the [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) if you encounter errors when testing the IDV flow. See [Identity verification events](/docs/guides/idv-integration/main/#identity-verification-events) for information about IDV events in the System Log. + +### Test image + +Use the following image if your verification template requires you to upload a photo. Save the image and then select it when you're prompted to upload a photo. + +
+ +![Okta logo and brand name](/img/idv-test-image.png) + +
diff --git a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/learningoutcome.md b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/learningoutcome.md index 2754fdeeab5..a5946939b4b 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/learningoutcome.md +++ b/packages/@okta/vuepress-site/docs/guides/add-id-verification-idp/main/persona/learningoutcome.md @@ -1 +1,25 @@ -See [Sandbox vs. Production Environments](https://help.withpersona.com/articles/6I2kGhfPvSuUjYq4z6tpmB/). \ No newline at end of file +## + +This document explains how to configure , an identity verification (IDV) vendor, as an identity provider (IdP) for your org. You can configure as an IdP in your org by creating an account with , adding it as an IdP in Okta, and then testing the configuration. +

+ +> **Note:** works as an IDV vendor, but is listed as an IdP in the Admin Console. This guide refers to as an IDV vendor. + +--- + +#### Learning outcomes + +Configure an IDV vendor so that your user’s identities are verified when they enroll a new authenticator. +

+ +> **Note:** This guide describes the process for setting up an IDV flow in a sandbox environment of a app. In a sandbox environment, there is no actual identity verification that verifies your user’s identities. You can use the same configuration process in a production environment in your app. + +#### What you need + +* [Okta Integrator Free Plan org](https://developer.okta.com/signup) +* An account with with access to a sandbox environment +* A test [user account](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-add-users) that you can use to enroll an authenticator +* A test [group](https://help.okta.com/okta_help.htm?type=oie&id=usgp-groups-create) in your org that the test user is added to +* A test [image](#test-image) to use as a proof of identity + +--- diff --git a/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md b/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md index 55be406a22c..c8d1ff1d872 100644 --- a/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md +++ b/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md @@ -5,7 +5,7 @@ meta: content: Okta supports both enterprise and social identity providers (social login). --- -Okta integrates with many identity providers. Select an identity provider card to add [enterprise](#enterprise-identity-providers) or [social login](#social-logins) to your app. +Okta integrates with many identity providers. Select an identity provider card to add [enterprise](#enterprise-identity-providers), [social login](#social-logins), or [identity verification](#enterprise-identity-verification-vendors) to your app. Not sure what an identity provider is? See [External Identity Providers](/docs/concepts/identity-providers/). @@ -22,6 +22,9 @@ Not sure what an identity provider is? See [External Identity Providers](/docs/c ## Enterprise identity verification vendors + CLEAR1 + Custom IDV + Incode Persona 
@@ -39,7 +42,7 @@ Not sure what an identity provider is? See [External Identity Providers](/docs/c
 Login.gov
 Microsoft
 OpenID Connect
- Paypal
+ PayPal
 Salesforce
 Spotify
 Xero
diff --git a/packages/@okta/vuepress-site/docs/guides/idv-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/idv-integration/main/index.md
index 72da78b009c..40b2de68000 100644
--- a/packages/@okta/vuepress-site/docs/guides/idv-integration/main/index.md
+++ b/packages/@okta/vuepress-site/docs/guides/idv-integration/main/index.md
@@ -34,9 +34,11 @@ Okta supports three IDV vendors that admins can configure in the [Admin Console]
 * [Persona](/docs/guides/add-id-verification-idp/persona/main/)
-* [CLEAR Verified](https://docs.clearme.com/docs/getting-started)
+* [CLEAR Verified](/docs/guides/add-id-verification-idp/clear/main/)
-* [Incode](https://workforce.developer.incode.com/docs/incode-okta-idv-configuration)
+* [Incode](/docs/guides/add-id-verification-idp/incode/main/)
+
+After you've integrated your IDV service with this process, it can be added as an identity provider (IdP) in orgs. See [Custom IDV vendor](/docs/guides/add-id-verification-idp/customidv/main/).
 ## How IDV vendors integrate with Okta
diff --git a/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss b/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss
index 6343f98c11f..6acbf79a27c 100755
--- a/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss
+++ b/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss
@@ -2067,7 +2067,21 @@ h1 {
 background-image: url("/img/icons/idv_persona.svg");
 }
+.icon.clear::before {
+ content: "";
+
+ background-image: url("/img/icons/idv_clear.svg");
+}
+.icon.incode::before {
+ content: "";
+ background-image: url("/img/icons/idv_incode.svg");
+}
+.icon.customidv::before {
+ content: "";
+
+ background-image: url("/img/icons/idv_custom.svg");
+}
 .oktatookta-16::before {
 content: $oktatookta;
diff --git a/packages/@okta/vuepress-theme-prose/util/frameworks.js b/packages/@okta/vuepress-theme-prose/util/frameworks.js
index 4ac3dc2b5ed..4c966b227d1 100644
--- a/packages/@okta/vuepress-theme-prose/util/frameworks.js
+++ b/packages/@okta/vuepress-theme-prose/util/frameworks.js
@@ -26,6 +26,9 @@ const COMMON_NAME_TO_FANCY_NAME = {
 yahoojp: 'Yahoo! Japan',
 smartcard: 'Smart Card',
 persona: 'Persona',
+ incode: 'Incode',
+ clear: 'CLEAR1',
+ customidv: 'Custom IDV',
 react: 'React',
 preact: 'Preact',
 vue: 'Vue.js',
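Review bot: The new entry `clear: 'CLEAR1',` is the only value in COMMON_NAME_TO_FANCY_NAME whose display name carries a trailing digit, and the idv-integration guide changed in this same commit names the vendor "CLEAR Verified"; since the map holds plain strings, the `1` will be printed literally wherever the fancy name is rendered. The identity-providers card in this commit shows the same `CLEAR1` text, so the suffix may be a deliberate footnote marker (or markup that this view does not show); if so, a one-line comment would save the next reader a lookup, e.g. `clear: 'CLEAR1', // trailing 1 is an intentional footnote marker, see identity-providers/index.md`. Otherwise change it to `clear: 'CLEAR',` to match its siblings `incode: 'Incode'` and `customidv: 'Custom IDV'`. The COMMON_NAME_TO_FANCY_NAME object literal opens before this hunk and continues past it.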
