# Identity verification flows

Mosaic helps businesses verify the identity of their customers. Depending on the use case, it can be done using government-issued ID documents or face biometrics.

## Document verification

The document verification process allows you to securely verify the identity of your customers using documents like their driver’s license or passport. Mosaic performs [verification checks](/guides/verify/identity_verification_checks) that validate the authenticity of the document, biometrically match the current user with the photo in the document, and assess the risk of the current session.

Once the process is completed, all the verification checks are processed to create an aggregated result so you'll know how to proceed (see [Verification result](/guides/verify/identity_verification_result)). After a successful check, you can enable your customers to perform further operations, for example, allow them to register in your app or open a new bank account online.

## Face authentication

Face authentication allows your app to reliably confirm a customer's identity by biometrically matching a live selfie to a reference vector stored by Mosaic. Unlike passwords or one-time codes, face biometrics are inherently tied to the individual and cannot be shared, forgotten, or phished. Face authentication is great for scenarios where strong identity assurance is required, such as account recovery, step-up verification for high-risk operations, or replacing passwords entirely for day-to-day login.

In the face authentication flow, Mosaic verifies the liveness of the user's selfie to ensure this is a live person and then compares the selfie to a reference image vector previously collected by Mosaic (see [Selfie & liveness check](/guides/verify/identity_verification_checks/#selfie--liveness-check)). After a successful check, the user gets authenticated in your app and you can enable them to proceed with the action they requested, for example, to reset their primary email address.

Mosaic supports two face authentication scenarios depending on where the selfie is captured:

### Single-device flow

The entire process takes place on a mobile device—the app captures a selfie and validates it against the stored reference within a single session. This is ideal for mobile-first applications such as banking login, transaction approval, or account recovery. For implementation details, see [Face authentication](/guides/user/auth_face).

### Cross-device flow

The user begins on a desktop or laptop, and the web app hands off the selfie capture to a mobile device via a QR code. This is useful in enterprise environments or when the user doesn't have access to the organization's mobile app—for example, contractors or external partners authenticating through a web portal. For implementation details, see [Cross-device face authentication](/guides/user/auth_face_cross_device).