Fortytwo Managed Microsoft Entra Verified ID
Fortytwo's Managed Verified ID service provides a production-ready, enterprise-grade implementation of Microsoft Entra Verified ID, delivered as a managed proxy service. This eliminates the complexity of direct Microsoft integration while providing enhanced functionality and professional support.
Prerequisites:
- Microsoft Entra ID tenant (for ID Token credentials)
- HTTPS-enabled client application (if not using CheckID frontend)
- Webhook endpoint capability
- API key management system
- Brand assets (for white-label options)
Service Overview
What We Provide
- Standalone Verified ID Provider: Direct Microsoft Entra Verified ID integration service
- Multiple Credential Types: Government ID, Mobile Driver's License, Employee credentials, ID Token, and ID Token Hint
- Production-Ready Infrastructure: Kubernetes-hosted, auto-scaling, enterprise-grade
- Simplified APIs: Unified endpoints for issuance and verification
- CheckID Frontend Integration: Optional web-based identity verification frontend
- White-Label Solutions: Fully customizable branding and user experience
- Professional Support: Implementation guidance and ongoing technical support
- Compliance Ready: Built with enterprise security and audit requirements
Business Benefits
Benefit | Traditional Approach | Fortytwo Managed Service |
---|---|---|
Time to Production | 3-6 months | 6 weeks |
Integration Complexity | High - Direct MS APIs | Low - Simplified proxy |
Infrastructure Management | Self-managed | Fully managed |
Support Model | Community + MS Support | Professional Fortytwo support |
Credential Branding | Microsoft-branded | Fortytwo or White-labeled |
Multi-tenant Ready | Custom implementation | Built-in |
Frontend Included | Build your own | Optional CheckID frontend |
Architecture
Standalone Verified ID Provider
     Client Applications
            │
            │ API Calls
            ▼
┌───────────────────────────┐
│ Fortytwo Verified ID      │ ◄── Standalone Service
│ Provider Service          │ ◄── No User Data Storage
│ (.NET 8 Minimal APIs)     │ ◄── Enterprise Security
└───────────┬───────────────┘
            │ Forward Requests
            ▼
┌───────────────────────────┐
│ Microsoft Entra           │
│ Verified ID Service       │
└───────────────────────────┘
Optional CheckID Frontend Integration
          End Users
            │
            │ Web Interface
            ▼
┌───────────────────────────┐
│ CheckID Frontend          │ ◄── Optional Web UI
│ (Identity Verification)   │ ◄── User Experience Layer
└───────────┬───────────────┘
            │ API Calls
            ▼
┌───────────────────────────┐
│ Fortytwo Verified ID      │ ◄── Core Provider Service
│ Provider Service          │ ◄── Credential Management
└───────────┬───────────────┘
            │
            ▼
┌───────────────────────────┐
│ Microsoft Entra           │
│ Verified ID Service       │
└───────────────────────────┘
Core Services
- Verified ID Provider: Core credential issuance and verification service
- API Gateway: Request routing, authentication, and rate limiting
- Request Transformer: API mapping and validation
- Response Formatter: Standardized response formatting
- Webhook Forwarder: Event relay to client systems
- Monitoring & Audit: Comprehensive logging and metrics
Supported Credential Types
1. Employee Credential
Professional employee verification with customizable claims.
Claims Included:
- Employee ID, Display Name, Email
- Department, Job Title, Country Code
- Identity Provider, Verification Level
- Onboarding Date
Use Cases:
- Employee verification for system access
- Cross-organizational collaboration
- Temporary worker verification
2. Government ID Credential
Government-issued identity document verification.
Claims Included:
- Document type and issuing authority
- Personal identification data
- Document validity status
3. Mobile Driver's License (mDL)
Digital driver's license verification compliant with ISO 18013-5 standards.
4. ID Token Credential
Entra ID-based identity credential for existing enterprise users.
5. ID Token Hint Credential
Direct claims-based credential issuance for custom scenarios.
Frontend Solutions
CheckID as Frontend Option
CheckID serves as an optional web-based frontend that provides a complete user experience for identity verification and credential management:
CheckID Frontend Features:
- Web-based Identity Verification: User-friendly interface for credential requests
- QR Code Display: Seamless mobile wallet integration
- Real-time Status Updates: Live progress tracking for users
- Multi-language Support: Localized user experience
- Responsive Design: Works across desktop and mobile browsers
Integration Options
Option 1: Verified ID Provider Only
- Direct API integration
- Build your own user interface
- Full control over user experience
Option 2: CheckID Frontend + Verified ID Provider
- Ready-to-use web interface
- Faster implementation
- Professional user experience included
Option 3: White-Label Solution
- Fully customized branding
- Your domain and certificates
- Complete white-label experience
CheckID Frontend Workflow
- User Access: User visits CheckID web application
- Identity Selection: Choose verification method (Gov ID, Employee, etc.)
- Credential Request: CheckID calls Fortytwo Verified ID Provider
- QR Code Display: User scans QR with Microsoft Authenticator
- Real-time Updates: CheckID shows progress and completion status
- Integration: Results forwarded to your backend systems
White-Label Options
Complete Branding Customization
Transform the service to match your organization's brand and requirements:
Frontend Customization:
- Custom Domain: Use your own domain name (e.g., credentials.yourcompany.com)
- Brand Assets: Your logos, colors, fonts, and styling
- Custom Messaging: Tailored user instructions and help text
- Localization: Support for your preferred languages
- SSL Certificates: Your own SSL certificates and security policies
Credential Branding:
- Issuer Identity: Credentials issued under your organization's name
- Custom Logos: Your organization's logo on digital credentials
- Brand Colors: Credential cards match your brand palette
- Custom Claims: Organization-specific data fields and validation
API Customization:
- Custom Endpoints: API paths that match your naming conventions
- Response Format: Customize JSON structures to match your systems
- Webhook Integration: Events delivered with your preferred payload format
- Rate Limiting: Custom limits based on your usage patterns
White-Label Deployment Models
Shared Infrastructure (Standard)
- Your branding on shared Fortytwo infrastructure
- Cost-effective for most organizations
- Standard SLAs and support
Dedicated Instance (Enterprise)
- Dedicated infrastructure for your organization
- Enhanced security and isolation
- Custom SLAs and compliance requirements
- Premium support and monitoring
Hybrid Model (Custom)
- Mix of shared and dedicated components
- Tailored to specific security or compliance needs
- Custom pricing and support agreements
White-Label Implementation Process
Week 1-2: Brand Configuration
- Brand asset collection and integration
- Domain setup and SSL configuration
- Custom styling and UI adjustments
Week 3-4: Service Customization
- API endpoint customization
- Credential definition branding
- Webhook payload formatting
Week 5-6: Testing & Deployment
- End-to-end white-label testing
- Domain verification and go-live
- Documentation and training delivery
Implementation Guide
6-Week Quick-Start Program
Week 1 - Planning & Analysis
- Requirements gathering and use case selection
- Integration architecture design
- White-label requirements assessment
- Security and compliance review
Weeks 2-3 - Service Enablement
- Fortytwo service configuration
- Credential definition setup
- CheckID frontend configuration (if selected)
- Test environment provisioning
Weeks 4-5 - Integration & Development
- API integration development
- User journey implementation
- Webhook endpoint setup
- Brand customization (white-label)
Week 6 - Testing & Production Deployment
- End-to-end testing
- Production deployment
- Documentation handover and training
Security & Compliance
Security Model
- Client API Key Authentication: Secure client identification
- Rate Limiting: Per-client request throttling
- Audit Logging: Comprehensive request/response logging
- No User Data Storage: Stateless provider architecture
- Encrypted Transport: TLS 1.3 for all communications
- Domain Isolation: White-label domains with dedicated security policies
Data Handling
What We Store:
- Client configuration and API keys
- Request audit logs (no PII)
- Operational metrics
- Webhook URLs and configurations
- Brand assets and customization settings
What We DON'T Store:
- User credentials or personal data
- Session information
- Authentication state
- Issued credential content
Compliance
- GDPR Compliant: No personal data retention
- SOC 2 Type II: Annual compliance audits
- ISO 27001: Information security management
- Azure Security: Leverages Microsoft's enterprise security
- Custom Compliance: White-label options support additional compliance requirements
Support & SLA
Service Level Agreement
Metric | Standard | White-Label Enterprise |
---|---|---|
Uptime | 99.9% | 99.95% |
Response Time | < 200ms (95th percentile) | < 100ms (95th percentile) |
Support Response | < 4 hours (business hours) | < 2 hours (24/7) |
Resolution Time | < 24 hours (P1 issues) | < 12 hours (P1 issues) |
Support Tiers
Professional Support (Included):
- Email support (business hours)
- Integration documentation
- Basic troubleshooting
- CheckID frontend support
Enterprise Support (White-Label):
- 24/7 support availability
- Dedicated technical account manager
- Custom integration consulting
- Priority feature requests
- Brand customization support
- Custom compliance assistance
Pricing Model
Standard Service:
- API Call Volume: Tiered pricing based on monthly calls
- CheckID Frontend: Included at no additional cost
- Setup Fee: One-time configuration and onboarding
White-Label Options:
- Custom Branding: One-time setup fee + monthly branding license
- Dedicated Instance: Monthly infrastructure cost
- Premium Support: Annual support contract
- Custom Development: Professional services hourly rate
Contact: verified-id@fortytwo.io