| title | description | category | subcategory | layout |
|---|---|---|---|---|
Identity Proofing Testing |
Tips and tricks for testing identity verification ("proofing")
|
AppDev |
Development |
article |
We operate a number of different environments, and testing behavior is different in our lower environments (such as int or dev).
You can use a [sample partner application]({% link _articles/appdev-cloud-gov-deploy.md %}) to start an identity-verified authentication.
Remember that prod and staging are typically hitting real vendors; but other environments typically use our "mock proofers" which simulate different experiences.
At the sample application, you need to choose a "Level of Service" which simulates the different request types that a partner agency might send to Login.gov:
- Identity-verified is our legacy identity proofing experience, which does not require a biometric comparison.
- Biometric Comparison is our new identity proofing experience, which either requires a remote biometric or requires that the user completes in-person proofing.
Currently an account can only be verified once. When testing in lower environments, we encourage creating new accounts to re-test the proofing flow using this Gmail trick.
Add + and some extra bits after your username to create a new email address that routes to your
same inbox. For example, if your GSA email is:
You can make extra accounts like:
first.last**+1**@gsa.gov
first.last**+2**@gsa.gov
first.last**+abcdef**@gsa.gov
And as an easy way to keep track of the emails, consider date-stamping them:
first.last**+20210704**@gsa.gov
Instead of uploading images of IDs (since we aren't supposed to have PII in sandbox environments), you can upload a specially-formatted YML file.
Our developer docs have sample SSNs to get desired behavior.
See [Device profiling and fraud detection]({% link _articles/device-profiling.md %}) for testing details.
We also have sample phone numbers to generate various proofing responses.