Integrate with Ekata for Identity Verification

CyberArk Identity integrates with Ekata to provide seamless identity verification as part of a sign-up workflow that uses the CyberArk signUp API. Ekata is a data-centric identity verification (IDV) vendor. CyberArk embeds the Ekata account opening API into the CyberArk Identity user sign-up workflow to check for high-risk users and take appropriate action based on the user risk score. Once Ekata Identity Verification is integrated with CyberArk Identity, all external users who sign up to access an external application go through the identity verification process with Ekata as the IDV solution.

The information in this section should be used in conjunction with the information in Configure Identity Verification in the CyberArk Identity Admin Portal.

Prerequisites

  • Make sure you have purchased a subscription to Ekata (integrating Ekata with CyberArk Identity requires you to have an active subscription).

  • Register with Ekata to get an API key for the Ekata account opening API (for details, see https://ekata.com/products/account-opening-api/).

  • Make sure Ekata Pro Insight is available in the Ekata dashboard if you intend to enable the Analyze in Ekata ProInsight link on the Identity Verification Details page.

Configure Ekata settings in the Admin Portal

The following information covers settings specific to the Ekata integration. For additional details on configuring Identity Verification solutions, see Configure an Identity Verification workflow.

Step 1: Configure Connection Settings

  1. In the Admin Portal, select Settings > Users > Identity Verification.

  2. Select Ekata from the drop-down menu to configure the connection.

  3. Check Link to Ekata Pro Insight to enable a link to Ekata Pro Insight.

    If Link to Ekata Pro Insight is checked, an Analyze in Ekata ProInsight link is visible on the Identity Verification Details page and on approval requests. Clicking the link takes you to the Ekata Pro Insight dashboard for the selected user.

  4. Click Next.

Step 2: Configure the Identity Verification Script for user sign up (also refer to Modify the Identity Verification script Objects and Methods).

Configure the Identity Verification script and make sure it includes the following:

  • API Key for your Ekata account opening API

  • Request URL to make a request to the account opening API

  • The createWebRequest() method (this is used to pass the request URL and to generate the Ekata IDV solution)

Click Load Template and select Ekata IDV.js for a sample script and additional information.

The response received contains the Account Opening API response (see https://ekata.com/developer/documentation/api-overview/#tag/Account-Opening-API). The Ekata response is used to generate sign-up approvals or to create users based on the rules in the Identity Verification script. See the following example for the response structure of the createWebRequest() method:

{
  "Success": true,
  "Result": {
    "email.first_seen_days": null,
    "address.to_name": null,
    "identity_risk_score": 498,
    "email.valid": false,
    "phone.carrier": null,
    "ip.last_seen_days": 1,
    "phone.email.first_seen_days": null,
    "address.validity_level": "invalid",
    "ip.risk": false,
    "phone.valid": false,
    "phone.country_code": null,
    "phone.last_seen_days": null,
    "ip.phone_distance": null,
    "identity_network_score": 0.992,
    "ip.address_distance": null,
    "email.to_name": null,
    "phone.line_type": null,
    "warnings": [
      "Email: Invalid top-level-domain (TLD) in address"
    ],
    "phone.to_name": null
  },
  "Error": null,
  "HttpStatusCode": 200
}

The Ekata request and response are shown in the Admin Portal > Core Services > Users > Identity Verification Details page.
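
The following is an added example, not code from the Ekata IDV.js template or from CyberArk or Ekata. It shows one way a rule could route a response with the structure above to user creation, manual approval, or rejection while failing closed when the call fails or a score is missing. The function name decideSignup, the action labels, the thresholds, and the treatment of higher scores as riskier are assumptions to confirm against Ekata's documentation.

```javascript
// Added example: fail-closed routing of a createWebRequest()-style response.
// Thresholds and action labels are assumptions, not CyberArk or Ekata values.
const RISK_REVIEW = 300;    // assumed: at or above this, send to manual approval
const RISK_REJECT = 450;    // assumed: at or above this, reject the sign-up
const NETWORK_REVIEW = 0.9; // assumed: at or above this, send to manual approval

function decideSignup(response) {
  // Any transport or API failure goes to manual approval, never to auto-create.
  if (!response || response.Success !== true || response.HttpStatusCode !== 200 ||
      response.Error || !response.Result || typeof response.Result !== "object") {
    return { action: "manual_approval", reasons: ["verification unavailable"] };
  }
  const r = response.Result;
  const risk = r["identity_risk_score"];
  const network = r["identity_network_score"];
  // A missing or non-numeric score must not be read as "low risk".
  if (!Number.isFinite(risk) || !Number.isFinite(network)) {
    return { action: "manual_approval", reasons: ["score missing"] };
  }
  const reasons = [];
  if (risk >= RISK_REVIEW) reasons.push("identity_risk_score=" + risk);
  if (network >= NETWORK_REVIEW) reasons.push("identity_network_score=" + network);
  if (r["email.valid"] === false) reasons.push("email.valid=false");
  if (r["phone.valid"] === false) reasons.push("phone.valid=false");
  if (r["ip.risk"] === true) reasons.push("ip.risk=true");
  if (Array.isArray(r.warnings)) {
    for (const w of r.warnings) reasons.push("warning: " + String(w));
  }
  if (risk >= RISK_REJECT) return { action: "reject", reasons };
  if (reasons.length > 0) return { action: "manual_approval", reasons };
  return { action: "create_user", reasons };
}

// The response shown above, trimmed to the fields the function reads.
const pageSample = { Success: true, Error: null, HttpStatusCode: 200, Result: {
  "identity_risk_score": 498, "identity_network_score": 0.992,
  "email.valid": false, "phone.valid": false, "ip.risk": false,
  "warnings": ["Email: Invalid top-level-domain (TLD) in address"] } };

// Constructed inputs: a clean result, and a failed call with no Result.
const cleanSample = { Success: true, Error: null, HttpStatusCode: 200, Result: {
  "identity_risk_score": 40, "identity_network_score": 0.2,
  "email.valid": true, "phone.valid": true, "ip.risk": false, "warnings": [] } };
const failedSample = { Success: false, Result: null, Error: "timeout", HttpStatusCode: 504 };

console.log(decideSignup(pageSample).action, decideSignup(cleanSample).action,
  decideSignup(failedSample).action);
```

The reasons array gives approvers the fields that triggered the decision, so it can be recorded alongside the request and response shown on the Identity Verification Details page.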

Step 3: Configure additional settings for the Manual Sign-up Approvers List and Sign-up Email Settings.

Refer to the following sections for more information: