Issue Strong MFA To Your Remote Workforce

Do not let physical separation hold your credentialing efforts back. IdExchange® enables organizations to enroll identity information, validate documents, and issue MFA credentials no matter where their workforce is located.



Self Enrollment

Self Enroll

Using specialized software or with the assistance of a remote enrollment agent, the applicant will capture their photo and identity documents using their mobile device or computer.



Utilizing the latest ID verification technologies including; liveness checks, facial recognition, document authenticity, and address verification, an authorized official will validate and approve the applicant’s identity.

Clear to Credential

Issue MFA

Upon approval, the applicant will be sent a strong MFA credential and registration code where they can encode different types of credentials including; PIV/CIV cards, YubiKey devices, Duo Security, and even Mobile Credentials.


Each phase of the process is governed by strict security controls designed to detect fraud or impersonation. The technologies and processes ensure that the identity was properly enrolled and verified in accordance with guidelines outlined by NIST Digital Identity Guidelines.

Security Controls By Phase

Applicant Pre-Registration and DeterminationPhase 1

Applicant Invitation

The organization will make a determination that an applicant needs identity proofing. After ensuring the applicant has a legitimate business need to be proofed and credentialed, the organization will send the applicant an invitation which outlines the steps to begin the identity proofing process.




  • Business Need: An authorized organization official must have documented a business need for the applicant.
  • Pre-registration: Applicant information (last name, first name, email address) is already on file with the organization.
Remote Identity CapturePhase 2

Applicant’s photo and identity documents are captured

The applicant will receive an invitation to perform the remote identity proofing capture process. This invitation will include instructions for obtaining the cature software or steps to schedule a supervised remote session. During this process, the applicant will capture their own photo, identity documents, and other information required by the enrollment process. This process will be performed at the applicant’s location using the applicant’s computing equipment (mobile device, laptop with webcam).




  • Liveness detection: The applicant must perform certain gestures to ensure they are capturing their information in real time.
  • Document Verification: The documents that are being captured will be reviewed for accuracy and authenticity:
  • Public records check: The applicant’s information will be verified against 3rd party sources.
ApprovalPhase 3

Identity Information Is Reviewed

An authorized official must review the captured documents, quality score and other related information. They will review the photo, captured identity documents, and related quality score indicators.




  • Separation of Duties: Authorization official is different than the requesting official to enforce separation of duties.
  • Data Review: The Authorization official is required to review the captured documents and associated documentation.
  • Secondary Verification: The Authorization official can request a supervised remote session where they remotely meet with the applicant to see the documents that were captured.
Credential ProductionPhase 4

MFA Credential Is Activated

Once the applicant has been approved, they are then assigned a credential registration code and mailed a credential to be activated. If the automated credentialing process is used, the credential will be first activated and locked, and then mailed to the applicant.




  • Credential Linking: The MFA credential will be verified and digitally linked to the applicant to ensure the applicant can only activate a known credential that has been pre-approved.
  • Applicant Verification: Applicant must use the one-time credential registration code to register and activate their credential.
  • Anti-Counterfeit: Prior to credential activation, the system will verify that the credential has been authorized for use. For example, if using a YubiKey the device serial number and attestation certificate will be verified for issuer authenticity before it can be activated by the applicant.
  • Delivery E-Signature: The credential will be sent to the verified address of the applicant. Once the process is complete, applicant must digitally sign that they have received their credential.


IdExchange® consolidates all separate identity systems including; directory services, credential management, certificate authority and identity proofing services into a single platform to streamline the entire identity proofing and credential distribution.

  • Capture identity documents without travelling
  • Eliminate hardware distribution expenses
  • Manage proofing and credentialing workflows through a single interface
  • Issue multi-use credentials (PKI, OTP, FIDO2)
  • Enforce security with multi-person controls, 3rd party validation, and credential authenticity
  • Use your current infrastructure (Directory, Certificate Authority)
  • Simple On-Premise, Turnkey installation
  • Major Vendor Support: HID CMS, HID Identity Proofing Service, YubiKey FIPS, Duo Security, Microsoft InTune, IdenTrust Certificate Authority