Overview of KBA

An overview of the KBA Only workflow.


KBA Only ("knowledge based authentication") is one of five standardized, best practice workflows that ID DataWeb offers. Knowledge based authentication utilizes challenge questions that require highly personalized knowledge to verify a person's identity in real-time. Additionally, it screens each verification session for indicators of risk and nefarious behavior.

Knowledge based authentication is an available verification method for the United States and is not available internationally at this time.

Dynamic KBA Process

  • 0 - Country Selection. The user is asked to select the country which they live in.
    • If they select US, UK or Canada - they will proceed to MobileMatch. For any other countries, they will proceed directly to BioGovID (step 2.)
    • Passive risk analysis is also performed at this step - if the user is deemed high risk (TOR browser, bot behavior, blacklisted IP address) - they will be immediately denied and prevented from proceeding.
  • 1a - Additional PII collection. The user will be asked to enter their date of birth. This is necessary to resolve their specific identity to generate accurate questions.
  • 1b - Knowledge Based Authentication question challenge. In this step, the user is asked 3 multiple choice questions which are specific to their banking, education, employment, and/or property history. The user completes the questions, and submits. If the user gets 2/3 correct or more, they are approved. If they do not, they are asked to retry, and new questions are generated. If the questions are correctly answered, the user is approved. If not, the user is denied.

Integration and Testing

  • If your workflow is set to use test data, please follow the instructions here to test this workflow.
  • Standalone testing - If this is a pilot, use the link sent to you in the Pilot kick off email. To signup for a pilot, click here.
  • If you've created a workflow yourself, you can use the "Copy Link" feature to get a test link.
  • If you are looking to do a OpenID connect integration with your application, add your workflow's client id, secret, and scopes to your OpenID connect client, OR follow the process outlined here. Note, you'll need to register your application's redirect URL on your workflow.
  • If you are looking to do an API integration, review the steps outlined here: KBA Only
  • If you are looking to hook a verification workflow into one of your existing IAM tools, we more than likely have an integration or package waiting for you! Reach out to your Solutions Architect or account rep for more details.