Streamline mobile identity proofing with address verification
Incognia enables real-time address verification for streamlined mobile onboarding, resulting in increased account conversion and reduced application fraud. It leverages device intelligence and anonymized location behavior to deliver highly precise address verification for frictionless onboarding.
Incognia’s lightweight mobile SDK and intuitive APIs are easy to integrate, can be used alone or as an input into existing risk engines, and provide financial services and mcommerce applications with actionable intelligence from day 1.
Minimizes friction at onboarding and recognizes trusted users with real-time address verification. Reduces the costs of manual reviews.
Works silently in the background, requiring no action by the user. Removes friction for legitimate users, increasing conversions and detecting fraud.
Detects mobile fraud using device intelligence and location behavior with low false positive rates. Monitors device integrity to uncover spoofing and emulators.
Incognia supports mobile identity verification processes by leveraging device intelligence and location behavior to deliver highly precise address verification. This guide details how to use Incognia at new account onboarding in combination with Auth0, by installing both SDKs into your mobile app and activating a custom rule to communicate to Incognia servers.
As soon as your app starts, the Incognia SDK must be initialized. When the new user starts the sign up your app gets the Installation ID (provided by the SDK) to pass them through Auth0 as a custom parameter. Your app then initiates an authentication request to Auth0.
When executed, the Incognia Auth0 Rule communicates with the Incognia Onboarding API to gather the risk assessment for both the new device and user provided address. The default Rule relies on the existence of a
home_address property on the
user_metadata with the user mailing address. You can customize the rule to change the source of the address.
- An Auth0 account and tenant. Sign up for free.
- An Incognia account. Sign up here.
- A mobile app to install the Incognia SDK. The app must ask the user for location permission. Foreground location permission is mandatory and background is preferred.
Add the Auth0 Rule
Please note: Selecting any of the three buttons on the Edit Rule screen will save and activate the Rule. After you install the Rule, Auth0 will skip it until you add the required configuration (explained below).
- Select Add Integration (at the top of the page).
- Activate the integration by selecting Save Changes.
To learn more about testing and debugging Rules, see Debug Rules.
Configure the Auth0 Rule
Note: Once you add the required configuration below, Auth0 will process all logins for your tenant using this Rule. Before activating the integration in production, please make sure you have configured all components correctly and verified on a test tenant.
- Go to Auth0 Dashboard > Auth Pipeline > Rules.
- Check the tenant name (on the top right of your screen).
- Scroll down and locate the Settings section.
- Add the following keys (to learn more, see Rules Configuration):
INCOGNIA_CLIENT_ID: The client ID obtained from Incognia's dashboard (My Apps > API Credentials)
INCOGNIA_CLIENT_SECRET: The client secret obtained from Incognia's dashboard (My Apps > API Credentials)
By default, the Incognia Rule grabs the user address from
user_metadata.home_address. Optionally, you can customize the name of the property that holds the user address by changing the
Also, in case you chose Brazil as the country when signing up at Incognia, please set the
INCOGNIA_REGION configuration to
br. Otherwise, don't mind filling this property.
Integrate the Incognia mobile SDK
Incognia relies on a SDK that collects device and location behavior (Wi-Fi and GPS scans). Integrating the SDK gives you access to an Installation ID, which is used to interact with the Incognia APIs. Learn how to integrate the SDK by accessing the Auth0 partner page.
Using the Incognia risk assessment
The risk assessment result is made available on the
app_metadata user metadata property, which is accessible to downstream applications. You can either access it from other Rules or via the Management API. For suggestions on how to use the Incognia risk assessment, visit the Auth0 partner page.