Specops Verified ID

Specops Verified ID enables organizations to securely verify user identities using government-issued identification. During verification, the user scans an identity (ID) document such as a passport, national ID card, or driver’s license and completes a live selfie check. The system compares the photo on the identity document with the live capture to confirm that the user is physically present and matches the document holder. Verified attributes from the identity document, including name and date of birth, are then validated against the user record provisioned in Active Directory.

Specops Verified ID supports a broad range of government-issued identity documents used worldwide.

A key use case for Specops Verified ID is Secure Service Desk verification. Users calling the service desk in organizations using Specops Secure Service Desk can verify their identity using government-issued identification, enabling service desk agents to securely confirm the caller’s identity before performing account-related actions.

Specops Verified ID can also be used to securely onboard new employees by verifying their identity when setting their first-day password.

Specops Verified ID is accessible to end users through the Specops:ID mobile app, available for iOS and Android, or through a standard web browser. With the Specops:ID mobile app, users can enroll with government-issued identification through Specops Verified ID or other authentication factors. Enrollment uses the mobile device’s biometrics (fingerprint or facial recognition) or a device PIN to help secure the enrolled authentication method.

With the web browser flow, users can complete identity verification and authentication without using the Specops:ID mobile app. If the web browser flow is started on a desktop device, the user must switch to a mobile device to scan the ID document and complete the face liveness check, since desktop web camera quality is generally insufficient for reliable verification.

Configuring Specops Verified ID

To set up Specops Verified ID for the first time:

Log in to the Specops Authentication Web: https://login.specopssoft.com/authentication/admin
In the left sidebar, select Identity Services, then select Specops Verified ID.
Under Verification method, select how users should verify their identity using Specops Verified ID.
- Specops:ID app: Users verify their identity with the Specops:ID mobile app.
- Web browser: Users verify their identity from a web browser.
- Both: Users will be able to choose between the two methods.
Go to Document settings.
1. Under Name matching, choose a Name similarity level to control how much variation is allowed between the user account name and the name on the ID document. This is useful if the scan misses a letter or if the account name contains a spelling error.
  - Exact match: Names must be identical.
  - Strict match: Very small differences only. This is the recommended setting.
  - Fuzzy match: Moderate tolerance for common spelling variations and small typos.
  - Loose match: Highest tolerance; allows more variation but increases the chance of matching similar-looking names that do not belong to the same person.
2. Under Date of Birth matching, enable Match user on date of birth to compare the date of birth in the user account with the date of birth on the ID document. If enabled, select at least one date of birth rule: Year or Month & Day.
Note

Name matching is always used. To use Date of Birth Matching, users must be pre-enrolled with the 'Add-SAVerifiedIdEnrollment' Powershell Cmdlet using the BirthYear, BirthMonth, and BirthDay parameters. Note that the Date of Birth value is stored in Active Directory as an encrypted hash, not the actual date.
Go to Face settings.
1. Under Liveness verification, choose one of the following options to verify that the user is physically present in front of the camera:
  - Active Verification: Stricter and helps reduce spoofing risk.
  - Passive Verification: Easier for users but may be less strict.
    
    Note
    
    It is recommended to start with active verification unless your organization has a strong reason not to.
2. Under Face matching, adjust the Similarity percentage value for the face similarity threshold. The threshold is used when comparing a user's live capture with their ID document photo.
  - Higher threshold: Stronger security, potentially more false rejections.
  - Lower threshold: Smoother user experience, potentially weaker matching.
    
    Note
    
    It is recommended to use the default value initially, then tune it based on real support outcomes.
Save the configuration and confirm that the save was successful.
Perform a real end-to-end test with a test user, see Authenticating with Specops Verified ID.

Authenticating with Specops Verified ID

If you are using the Specops:ID mobile app to authenticate, make sure it is installed on your mobile device.

After entering your username and password, choose Specops Verified ID as the identity service.
A QR code is displayed in Specops Authentication Web, depending on verification method:
- If authenticating through the Specops:ID mobile app, scan the QR code using Specops:ID and tap Continue.
- If authenticating through a web browser on your computer, scan the QR code with your mobile device and open the link in your mobile web browser.
- If authenticating through a web browser on your mobile device, use Tap to start verification.
Follow the instructions to scan your ID document with the camera.
To verify liveness, follow the instructions and take a selfie with the camera.
After successful authentication, you are logged in to your Windows account.

Troubleshooting

From a support perspective, the authentication process has five stages:

Session start
- A verification session is created for the user.
ID document capture
- The user scans an ID document.
Face capture
- The user performs a live face check.
Comparison and validation
- ID document and face results are evaluated against configured rules.
Outcome
- The authentication flow ends in success, retry, or failure.

This model helps support teams to quickly identify where users are stuck.

See the next sections for common user issues and what to check.

Users cannot start verification

Check:

Specops Verified ID is enabled for the customer
The user is in scope for the policy
Required URLs must be accessible through the firewall to enable connection to Specops Authentication (see URL Allowlists).

Many users fail at the ID document capture step

Check:

Document matching rules are not too strict for your user population
Users are scanning supported ID document types

Many users fail at the face capture step

Check:

Camera quality and lighting conditions
Liveness verification mode (active vs passive)
Face matching threshold is not set too aggressively

Users report random timeouts

Check:

Session duration expectations in user guidance
Network stability between user devices and service endpoints
Whether users pause too long between steps

Save works but verification still fails

Check:

A fresh test session was used after configuration changes
Policy assignments include the target users

Go-Live Recommendation

Before a broad rollout:

Run a pilot with a small user group
Measure failure reasons for one to two weeks
Adjust threshold and matching strictness gradually
Publish end-user guidance with screenshots and retry tips

Hand-off Information for Escalation

When escalating to technical teams, include:

Time of failure
Affected user count
Stage where failures occur (start, ID document, face, completion)
Error wording shown to users
Whether issue is tenant-wide or limited to a subset

This shortens time to resolution significantly.