Today Oracle is announcing Oracle Cloud Infrastructure Identity and Access Management (IAM) Identity Assurance, a new AI-powered feature built directly into OCI IAM that helps enterprises verify the real identity of users accessing critical applications and sensitive data. As credential theft grows and AI makes phishing, social engineering, and impersonation attacks more sophisticated, passwords often validate access without fully proving who’s behind the login. Identity Assurance offers biometric facial scans, validated against government-issued IDs, to verify that a person is real and is who they claim to be. Routine checks can be applied across the employee lifecycle: at onboarding, before an employee performs a high-risk action within a critical application, and all the way through offboarding.

With Identity Assurance, OCI becomes the first major cloud provider to deliver an out-of-the-box biometrics identity verification solution natively integrated within IAM, spanning biometric enrollment, government ID checks, encrypted storage of biometric vector embeddings, policy enforcement, audit logging, and lifecycle management. This marks an important step forward in helping customers strengthen identity security without the cost and operational overhead of stitching together standalone APIs or plugins and re-engineering their IAM workflows.

Why OCI has shifted to biometrics

Enterprises are adopting biometrics because passwords are still heavily targeted and frequently compromised—and AI has made impersonation attacks more scalable and more believable. According to Lumos, 96% of organizations have experienced identity-related security incidents, with 43.6% originating from stolen credentials. For regulated industries such as financial services, healthcare, and energy, the impact isn’t just operational disruption—it can include compliance exposure, fraud losses, and reputational damage.

But biometrics only delivers enterprise-grade protection when it’s not bolted on as a one-off workflow. To scale across onboarding, day-to-day access, and high-risk actions, biometrics must be deeply integrated into IAM—where identity policy, access governance, audits, and user lifecycle controls already live. And it must include liveness detection to help reduce the risk of spoofing and deepfakes—so “a face” isn’t enough; it has to be a live person.

OCI’s out-of-the-box Identity Assurance: How it works

Identity Assurance is designed to make high-assurance identity verification practical across the employee lifecycle:

  1. Biometric onboarding (enrollment)
    Users consent to one-time enrollment by scanning a government-issued ID (front and back) and completing a selfie-based biometric capture. The facial scan is validated against the ID to establish a strong identity binding.
  2. Encrypted storage and regular identity verification
    After the user completes the selfie, the biometric images are converted into vector embeddings and stored with encryption and granular access controls, helping customers align to internal security and compliance requirements. Raw images are never stored. At each routine verification throughout the employee lifecycle, the user's newly captured selfie is compared to this vector embedding for identity verification.
  3. Liveness detection to reduce spoofing risk
    During each biometric verification, OCI performs liveness detection to help defend against presentation attacks and AI-driven deepfakes.
  4. Policy-driven, routine verification throughout the lifecycle
    Identity Assurance is designed to enable routine and step-up verification—from onboarding and sensitive system access to high-risk actions (e.g., changing payout details), all the way through offboarding—backed by IAM policies, audit logs, and lifecycle management.

Why OCI for biometrics identity verification?

Identity Assurance is built to help reduce both security risk and operational friction:

  • Less engineering, lower cost, faster time to value: Avoid stitching together standalone biometric APIs or plugins with ID proofing, encrypted biometric vector storage, audit trails, and lifecycle workflows, then wiring it all into your identity stack. For many enterprises, that DIY approach can require significant incremental build investment and cost for a production-grade rollout. With Identity Assurance, these capabilities are already built into OCI IAM.
  • Designed for workforce flow: Fast verification is designed to strengthen assurance without derailing productivity.
  • Higher-confidence checks: Government ID validation plus liveness detection helps reduce impersonation, spoofing, and deepfake risk.
  • Managed, centralized, IAM-native controls: Enrollment, encrypted biometric vector storage, policies, audits, and lifecycle management are integrated within OCI IAM so teams can deploy and operate in one place.

Conclusion

Passwords can be a critical weak link in the AI era, where attacks are turning credential theft and impersonation into a board-level risk. As more enterprises move toward biometrics to prove identity (not just possession of credentials), OCI Identity Assurance helps customers adopt a simplified, integrated, and managed approach that’s built directly into IAM, helping security leaders strengthen identity assurance without creating a long-term integration and maintenance burden.

Ready to get started?

Enable OCI Identity Assurance and bring workforce identity verification into your IAM strategy without turning it into a multi-quarter engineering project.
