A process defines what you want to expose to your end users:

• Identity verification methods
• Additional documents to collect
• Other parameters and validation rules

➔ To create a new process:

• Click on the Processes tab
• Then click on Add a process

✏️ The process creation is done in 8 steps:

1️⃣ General information  
2️⃣ Remote identity verification methods  
3️⃣ Information input  
4️⃣ Documents to be sent to the business service  
5️⃣ Selection of validation rules  
6️⃣ Settings
7️⃣ User interface customization
8️⃣ Finalization

In this step, you can:

✅ Name your process

✅ Define expiration times

✅ Add preliminary information

Required field.

—

- Non-started enrolment: time before the user begins their enrollment

- Started enrolment: time allowed for the user to complete the process

- End of enrollment processing: maximum time to process the file

If the allocated time for the first two delays is exceeded, the file status will switch to CANCELED. For the third one, it will be marked as FAILED.
⚠️ A cron job runs every 15 minutes to update statuses. This means that the status update can occur up to 15 minutes after the expiration time.

—

Not editable 86400 minutes (= 2 months).

Duration before the file is archived. This also defines how long you can access uploaded identity documents, selfies, and supporting documents from the admin platform.

⚠️ A cron job runs once a day to switch files to DELETED. This means the status update may happen up to 24 hours after the expiration.

—

The maximum number of devices that can be used during the enrollment process can be configured here.

• 0 means no device limit is applied.
• 1 means the user cannot switch devices during the enrollment journey.
• 2 means the user can switch devices during the enrollment journey one time.

If the configured device limit is exceeded, the user is not blocked and no alert is displayed. However, the enrollment result will be set to KO.

—

By default, the user must click “Continue” to be redirected to your business website. To skip this step and redirect automatically, check this box.

—

If you do not allow identity document upload on desktop, users will need to switch to their mobile phone. They can scan a QR code, receive an email, or receive an SMS if this box is checked.

—

Antivirus is a requirement for some clients based on their internal security policies (PGSSI). This is an optional paid feature. If you're interested, contact your Customer Success Manager.

—

Mandatory checkbox : this option must be checked to enable retry mechanisms within the journey. The user has an initial attempt and can make up to 3 retries.

—

Defines the maximum waiting time for the user before moving to the next step at the end of the process (even if processing isn’t complete). Max duration: 30 minutes.

—

Company name that will be shown at the end of the process, before redirection. If left empty, the name of the company associated with the process will be displayed.

—

- Full: includes all extracted data, MIE results, and all document checks

- Age proof: anonymous report limited to age verification only

—

Display your custom T&Cs before finalizing the process.

User side:

We offer two levels of identity verification:

• Substantial: equivalent to an in-person identity check.

• Non-substantial: provides a high level of probative value depending on configuration.

—

It is possible to select multiple verification methods within the same process, allowing the user to choose the identification method that suits them best.

⚠️ Note: an exception applies – it is not possible to combine PVID and the customizable online process in the same configuration.

PVID and the Customizable Online Process are two identity verification methods offered with different levels of control.

• User awareness of the actions to be performed
• Consent collection and Terms of Use
• ID document capture and verification
• Selfie capture and verification depending on the selected process

ℹ️ Customizable Online Process specificity: the holder check is *not mandatory*, unlike with PVID.

ℹ️ PVID specificity: a human operator reviews the documents when automated results are successful.

—

For testing purposes, to bypass the human review step, you must enable the following option in the process configuration:

“The user must wait, in the final step, for the end of processing before returning to the business site.”

This verification method relies on the use of the mobile app “Identité Numérique La Poste”.

• Enter the phone number
• Push notification sent via the “Identité Numérique La Poste” app
• Authentication using the secret code of the Digital Identity

FranceConnect+ allows the user to authenticate using existing official accounts. Authentication is done with the username and password of the selected platform.

The Sistema Pubblico di Identità Digitale (SPID) is the Italian standard for digital identity. Issued by certified providers (postal services, banks, telecom operators, etc.), it provides each citizen with a unique identifier, protected by multi-factor authentication.

Check font type: A font check of the MRZ band is available. However, if the photo of the identity document provided by the user is of insufficient quality, this check may result in a higher number of failures (KO) and cause a slight increase in processing time.

—

Detection of monochrome: If the uploaded identity document is monochrome, it will be rejected.

—

Detection of alteration and modification of the photo of the title: This check detects anomalies (wave patterns, RF, pasted photos).

—

Extraction and control of information: The MRZ is automatically corrected, and the checksum verification is performed.

—

Detection of attack by presentation: If the uploaded or captured photo comes from a screen, it will be rejected.

—

Allow document upload:

• On smartphone: The user can scan or upload their document.
• On PC: The user must upload their document.

💡 For the selfie, it is recommended to use a smartphone for better image quality.

—

Verify the existence of both sides of the document: If two sides are required and only one is provided, the file will be marked as KO.

This person must be acting on behalf of a legal entity

• If the identity is listed in the KBIS:

• Step 1: Identification of the natural person
• Step 2: Collection of the KBIS

• If the identity is not listed in the KBIS:

• Step 1: Identification of the natural person
• Step 2: Collection of the KBIS + Mandate + Copy of the ID document of the mandator

📌 Verification zones: MANAGEMENT, EXECUTIVE, ADMINISTRATION, CONTROL, ASSOCIATES OR MEMBERS

The mandate being a non-standardized document, it is only collected by ID360.

—

Capture the identity document if the user chooses an EIM

• Step 1: Identification via FranceConnect(+) or La Poste Digital Identity
• Step 2:
  1. On PC: Upload of the identity document
  2. On smartphone: Upload or capture of the identity document

📎This document is only collected, with no additional verification.

—

Enable use of rear camera for third-party photo-taking

Allows a helper to assist the user during selfie capture by activating the rear camera.

—

Visual control of the document type

Allows visual verification to check if the document matches a known template.

🔧 Bêta fonctionnality 🔧

—

Split address on identity documents

The address will be split into street number, street name, postal code, and city.

🏡 To ensure an up-to-date proof of address, it is preferable to request a separate proof rather than relying on the ID document address.

By enabling this feature, the user will be required to manually enter the desired information.

—

Example If you configured the collection of email address and mobile phone number (with SMS verification), the user will input these values and receive a code by SMS.

For your information, the OTP code can be sent a maximum of 3 times, at a rate of one send per minute.

—

🔧 If your use of ID360 relies entirely on our APIs and the end user is never redirected to the ID360 identification URL, this feature allows you to compare collected data. For example, if you expect Mr. Y to be onboarded, you can use ID360 API calls to ensure that the extracted identity matches Mr. Y and not Mr. Z.

The entered last name is compared with both the birth name and the usual name.

🔧 If you still want to perform such checks while redirecting the user to the ID360 identification URL—without letting them modify the expected data, an API method is available to push this data into the system (see: Developer Guide).

🔧 The algorithm used is a fuzzy matching.

ID360 uses a three-step approach to compare strings. The goal is to enable reliable comparisons even when strings contain accents, special characters, or linguistic variations.

The first step is to remove accents and diacritical marks to standardize the comparison. This allows words to be compared as if they were written using only standard ASCII characters.

Example:

• élodie → elodie

Thus, *élodie* and *elodie* will be considered identical at this stage.

Once accents are removed, ID360 applies a generic transliteration. This process converts non-ASCII characters (such as letters specific to certain languages) into their most common Latin alphabet equivalents. The original language of the word is not taken into account here — only a standard transliteration is applied.

Examples:

• weiß → weiss
• düker → duker

This step makes it possible to harmonize strings originating from different languages without knowing the linguistic context.

The final step performs a contextual transliteration, taking into account the original language of the text. For identity documents (passports, national ID cards, etc.), the language used corresponds to the issuing country of the document.

As a result, some letters are transformed differently depending on the language.

Examples:

• For Germany (DE)* :
• Jörg → Joerg
• Düker → Dueker

• For France (FR)* :
• Jörg → Jorg
• Düker → Duker

This language-aware transliteration provides a comparison more faithful to the document’s context.

• Specific transliteration rules depend on the country of origin.
• European countries are generally less affected by these differences, but Germany is a notable exception, as its rules are frequently used in official documents.
• Other countries may apply their own conventions depending on their civil registry standards or national requirements.

ID360 compares strings through a progressive process:

1. Character normalization (removal of accents)
2. Universal transliteration (generic conversion of non-ASCII characters)
3. Contextual transliteration (conversion adapted to the document’s language)

This method ensures a robust, consistent, and linguistically accurate comparison.

A list of complementary documents is available. These documents can be extracted and verified by ID360:

• Profile photo
• Vehicle registration certificate
• Health insurance card
• Social Security proof
• KBIS extract
• Payslip of a French employee
• Proof of address
• Bank account details (RIB) from French banks
• Property tax notice from the French government
• Income tax notice from the French government

—

If you would like more details on data extraction and both unitary and cross-check verifications, please refer to the following page : Extraction and Validation Documentation

—

You may also add other types of documents not listed above. Below is an example of adding a diploma:

⚠️ These custom documents are only collected — no data extraction or verification will be performed.

Enable the Digiposte button: This citizen digital vault allows users who have an account to easily provide documents. Some documents may be certified because they are directly uploaded by a trusted issuer (e.g., employer for payslips).

By enabling the Digiposte button, you allow users who have an account to import one or more documents from their personal digital vault.

Enable the MiTrust button: As a data intermediary, MiTrust connects users to trusted data sources such as banks, telecom operators, or government authorities.

MiTrust stands out for its ability to minimize shared data, transmitting only the information necessary for a given transaction.

Currently, the documents managed by MiTrust within ID360 are: the income tax notice, the property tax notice, and the proof of address.

This section allows you to customize all the checks you wish to perform on identity documents or on data retrieved from External Identity Modules (EIMs).

If your process includes either PVID (Dynamic Identity Verification Process) or the Custom Online Process by Docaposte, the following checks are available:

By selecting only “Extract and verify the document,” the system will extract the data from the identity document. You can then choose the relevant checks for your use case, including:

Allow address to be used: the address from the identity document will be stored in the Identity block. We recommend requesting a proof of address if you need a verified address (document must be issued no more than 3 months prior to submission).

—

Check birth date against the MRZ : Compares the birth date shown on the document (VIZ) with the one read from the MRZ.

—

Check emission date against the MRZ : Compares the emission date as it appears visually on the document (typically from the VIZ – visible image zone) with the one extracted from the MRZ.

—

Check first names against the MRZ: Compares the first names as seen on the document image (VIZ) with those extracted from the MRZ.

—

Check surname against the MRZ: Compares the surname as seen on the document image (VIZ) with those extracted from the MRZ.

—

Check that the document numbers in the VIZ and the MRZ are the same: Compares the document number from the VIZ with the one extracted from the MRZ.

—

Checks document type against 2D-DOC data: Compares the document type (passport, ID card, residence permit, driver’s license) from the 2D-DOC with the one extracted from the MRZ.

—

Checks emission date against 2 first numbers in the MRZ (for French passports): Compares the visually read issuance date (from the VIZ) with the one inferred from the first 2 digits of the MRZ.

—

Checks first name against 2D-DOC data: Compares the first name from the 2D-DOC (if available) with the one extracted from the MRZ.

—

Checks gender against 2D-DOC data: Compares the gender from the 2D-DOC (if available) with the one extracted from the MRZ.

—

Checks id number against 2D-DOC data: Compares the document number from the 2D-DOC (if available) with the one extracted from the MRZ.

—

Checks if the Id document was not issued on Sunday: Checks that the document was not issued on a Sunday.

—

Checks MRZ validity: Ensures that the checksums in the Machine Readable Zone are valid and that the MRZ follows international standards.

—

Checks name against 2D-DOC data: Compares the last name from the 2D-DOC (if available) with the one extracted from the id card.

—

Checks that the document has not been created in the future: Checks that the issuance date is prior to today’s date.

—

Checks that the document has not expired (for old French IDs: 15 years for adult, 10 for child): Verifies that the document is still valid, considering a 15-year validity for majors and 10 years for minors, with some exceptions depending on the issuing country.
The validity period is 15 years for national identity cards issued since 2004.Example: a card issued in 2008 is valid until 2023. For cards issued before 2004, ID360 also applies a 15-year validity period.

—

Checks that the document number is not include in the blacklist: Checks whether the document number is listed in a configurable blacklist (to reject known fraudulent documents).

—

Checks that the document was recognized: Checks that the document is an identity document

If your process includes FranceConnect+ and/or La Poste Digital Identity, make sure to check the option “Extract digital identity” so that we can populate the Identity block with the retrieved data.

If you have selected fields in the Information Entry step, this is where you must configure the consistency between the data entered and the data extracted from the identity document.

You can extract and verify the authenticity of the documents using various checks, depending on the type of document provided. It is also possible to verify the document by cross-checking the extracted data with the fields you have selected.

Active liveness check: The user must complete two random challenges (e.g., turn their head left/right, open their mouth…) to confirm they are not a deepfake.

Passive liveness check: The user will be required to take a photo of their face. The system will verify that the end user is live (liveness detection), that they are not wearing a mask or using filters, that the face does not come from a photo, and that no spoofed video stream (e.g. webcam injection) is being used.

Biometric facial comparison with the ID document: The user must take a selfie. The extracted face will be compared to the photo on the ID document.

/!\ On a PC, the user can use their device’s camera. However, we recommend redirecting the user to their mobile device for better photo quality and a more intuitive experience.

As part of the customizable online process of Docaposte, or in the case of collecting an identity document associated with an EIM (such as La Poste Digital Identity), you can select the authorized identity documents (National Identity Card, Passport, Residence Permit, and Driving Licence in card format).

As part of a passive liveness check, the user will need to take a picture of their face. Three levels can be configured:

• Disabled: only presentation attack detection will be enabled
• Intermediate: if the user is on a Chromium-based browser, we can verify that no video stream is injected; control is inactive on Firefox.
• Advanced: if the user is on a Chromium-based browser, we can verify that no video stream is injected; if the user is on Firefox, they will be instructed to change browser.

Country code suggested by default when a number must be entered for receiving an OTP by SMS, as well as when switching from a landline or tablet to a mobile phone.

As part of an active liveness check, the user must complete challenges configurable at this level.

If the sender’s name should differ from the company name in ID360 when sending an OTP by SMS, or when switching from a landline or tablet to a mobile phone, it should be entered here.

You can customize the visual rendering of the journey at two levels: the process or the end user.

At process level, the customization applies to all cases, meaning every end user will be impacted.

Or at case level (only when using API integration), in which case the end user will have a dedicated interface customization theme.

You can define a customization directly at the process level. In this case, the configuration is generic and automatically applies to all cases initiated from this process.

This allows you to ensure visual consistency without having to configure each case individually.

In addition, you can define a specific customization at the final user level.

This configuration allows you to adapt the visual rendering of the journey for a specific case, depending on your client or your usage context.

To create themes, click on the burger menu at the top right and select Themes. Click on “Add Theme +“ and configure your theme. You can create as many themes as needed depending on your interface customization requirements.

Once the themes are configured, the theme IDs are visible in the “ID” column. In the example above, the IDs are 2 and 3.

You now simply need to provide this theme ID when creating the user folder (see Note in section “User folder creation” in Developer Guide – ID360 Capture).

The application refers to your business application and is used to configure the credentials to be deployed on the server.

Important: Make sure to select the appropriate application from the list of “Applications allowed to use this process.” Multiple applications may have been created beforehand, and it’s possible to authorize one or more to use this process.

Once this step is complete, click Validate to finalize the configuration.