“Identity proofing by leading identity verification partners, in the form of Verifiable Credentials, will help reduce the remote onboarding time for our new employees from as much as 3 days [today] to as little as 10 minutes—all while improving the employee experience and making a great ‘first’ impression!” – Autodesk
I’m thrilled to share additional preview features aimed at making it easier for issuers and verifiers to exchange credentials in a trustworthy manner. As described in our previous blog post,we’re extending these new capabilities forany Microsoft customer.
Quickly issue a Verifiable Credential for directory-based claims
Based on customer feedback, in addition to managing Custom Credentials, we’re excited to share that you can now use the Quick Start option to configure the look and feel based on directory-based claims. Directory-based claims (e.g., Azure AD) have been used to power profile cards in M365 for a long time. You can configure and tap into these claims using Microsoft Graph to create Verified Credentials for a wide variety of use cases, such as a verified employee.
Figure 1. IT administrators can configure and publish these credentials using Azure Portal.
Enterprises can issue Verifiable Credentials to existing users of Microsoft Authenticator (or any other standards-compliant wallet). Admins can enable Authenticator users to accept these credentials with just one click!
Verifiable Credentials Network
We are thrilled to offer Verifiable Credentials Network so developers can discover their preferred issuer of credential types, e.g., Verified Student by Contoso University using portal for administrators or APIs. Anyone using the free version of Azure AD can now easily request and verify credentials without requiring any custom integration with issuers.
Figure 2 Search for preferred issuer and the credential type to verify .
APIs for developers and administrators
Developers can use APIs for Verifiable Credential Network to discover credential types and choose their preferred issuer (e.g., student ID credentials by Contoso University). In addition, developers can use Request API to programmatically issue and verify credentials so developers can quickly integrate verifiable credentials into new and existing apps. Samples are available in .net, Java, Node.JS, and Python, illustrating how to use the Request API. In addition, using the Admin API, administrators can automate everything from onboarding your tenant to creating issuers, to managing the look and feel of credentials.
Recovering from loss of device using backup and restore
Figure 3. Set up credentials and securely recover them if your device is lost. This UI shows how that set up would work.
MS Authenticator users can now recover Verifiable Credentials in the event of a loss of device. Users can export their credentials and secure the exported file using a pass phrase to ensure that only you can access your encrypted credentials. If you lose your phone, you can use Microsoft Authenticator on the new device to import credentials using the file, along with the passphrase.