Face Authentication

Authenticates the user using biometric face comparison

Description

This step authenticates the user by biometrically comparing their live selfie with the reference selfie already securely stored by Mosaic. This step leverages Mosaic Identity Verification, powered by advanced AI-driven facial recognition technology. For example, face authentication can be used to step up authentication for high-risk actions or to confirm user identity in account recovery scenarios.

Before initiating authentication, the journey must obtain the user identifier (for example, using a form) and a selfie (using the Selfie Acquisition step). When executed, the Face Authentication step validates that the live selfie captured in a previous step matches the reference selfie and that both belong to the specified user identity.

If successful, the journey sets the user context to the authenticated user and continues to the next step. Tokens generated for the authentication can be accessed in subsequent steps using @policy.userContext().

If it fails (e.g., selfies don't match), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client.

To support face authentication, you'll need to:

  • Ensure a user has a reference selfie registered for the application. This includes collecting a reference selfie using the Selfie Acquisition step, implementing the required Identity Verification SDK calls, and registering the selfie using the Register Face step
  • Configure the Login Form step, build the supporting UI, and implement the Orchestration SDK call that submits input for the Login Form step
  • Configure the Selfie Acquisition step and implement the Identity Verification SDK calls required for submitting a selfie
  • Configure the Face Authentication step

Configuration

| Field | Description |
|---|---|
| External user ID | User identifier of the authenticating user, specified as an expression. |
| Error output variable | Name of the variable that stores any errors returned by the action. |
| Failure behavior | Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default). |

Example

Suppose a login form is used to collect a username from the user. The input is stored in a variable named loginData. Face authentication is the only enabled authentication option, and its schema contains username.

The authentication step obtains the external user ID from the form output (loginData.username) and the selfie data from the journey context. Once the selfie is validated against the reference image stored by Mosaic, the step receives a result and is considered complete.

[Figure: Face auth flow example]