Jaa

Get verifiable credentials from a trusted ID verification vendor

  • Artikkeli

Appropriate roles: All roles for Microsoft AI Cloud Partner Program, Cloud Solution Provider (CSP) program, and Surface program; Manager | Owner for Developer programs (Hardware Developer Program, Commercial Marketplace, Windows and Xbox, and more)

Complete your identity verification to access Partner Center programs by obtaining and presenting verifiable credentials (VCs) issued by a trusted ID verification vendor (IDV).

Learn what verifiable credentials (VCs) are

Verifiable credentials are an open standard for digital credentials. Verifiable credentials can represent information found in physical credentials, such as a passport or license, or information that has no physical equivalent, such as bank account ownership. Verifiable credentials have numerous advantages over physical credentials, most notably that they're digitally signed, which makes them tamper-resistant and instantaneously verifiable.

The entity that generates the credential is called the Issuer. The credential is then given to the Holder who stores it for later use. The Holder can then prove something about themselves by presenting their credentials to a Verifier.

Some trusted ID verification vendors (IDVs) issue verifiable credentials that validate individuals, organizations, and associations through face recognition technologies (also called a "live selfie"). The issuers match the facial recognition with government-issued IDs and documents to certify verifiable credentials by using Microsoft's Distributed Identities Framework. Users can present these certificates from devices that are integrated with Microsoft Authenticator to confirm their credentials without repeatedly undergoing the verification process. If any of the user's attributes change, the verifiable credentials can be removed or blocked to prevent misuse or impersonation.

Understand why Microsoft requests verifiable credentials from a trusted IDV

Bad actors are increasingly using sophisticated techniques to commit fraud against Microsoft and its customers and partners. An analysis of recent attacks shows that sophisticated techniques, such as consent phishing, impersonation, and exploitation of process gaps in critical transitions are used to steal customer data, publish malicious apps, and cause damage to Microsoft and its partners directly or indirectly.

To prevent such attacks, Microsoft enhanced its vetting process and committed to using verifiable credentials from trusted IDVs.

The security of verifiable credentials is questioned. Verifiable credentials are subject to usability concerns. Anyone can issue verifiable credentials about anything. Credentials can be presented to and verified by everyone.

Obtain a verifiable credential for Partner Center

When a Partner Center program requires a verifiable credential, a link appears that takes you to a page where you can choose from one of our trusted identity verification vendors (IDVs). You can then obtain a VC certificate. You're asked to present a government issued ID and then take a selfie for facial matching. Once the IDV completes the identification verification process, they issue you a VC certificate that you can store in your mobile Microsoft Authenticator app.

Going forward, if Partner Center requests a VC, you get a QR code to scan on a mobile device camera. After you scan the QR code, the mobile MS Authenticator app opens, and you can select your VC certificate.

Note

If asked to present a VC, you receive an email. Complete the identity verification within 30 days, or your account verification might be rejected.

Get verifiable credentials

  1. Sign in to Partner Center, select Settings (gear icon) > Account Settings.

  2. Select the Legal info tab. The Legal business profile section shows your Verification status in the Microsoft AI Cloud Partner Program.

    Screenshot that shows the Legal Info tab in Account settings. In Legal business profile, verification status shows as Pending. Fix Now is highlighted.

  3. If you're prompted for identity verification, select Fix Now.

  4. Install the Microsoft Authenticator app on your iOS or Android mobile device.

  5. Get your valid government ID, for example, a passport, a driver's license, or other national ID. The ID should be a current, up-to-date, and physical form of ID.

  6. Verify that the name on your ID matches either the Partner Center primary contact or your tenant username.

    Note

    For Developer accounts enrolled in the Hardware program, only the primary contact can complete the identity verification. The primary contact email must be an individual’s company address used to log into Partner Center. It can't be a group alias and the mailbox should be monitored for next actions.

    Note

    To see the Partner Center primary contact, select Account settings, then select Legal profile. Expand and edit Contact Info and first contact in side panel is primary contact. To see the Partner Center username, select Account settings, then select User management. Only the tenant admin can update these names.

  7. Select Start next to a trusted partner.

    Screenshot that shows the Our Trusted Partners section of the User Management tab.

  8. Create verifiable credentials by using the trusted partners' pages. The following steps show an example walkthrough. It uses the trusted partner: AU10TIX.

    1. Select Let's Begin.

      Screenshot that shows the AU10TIX starting page with the button: LET'S BEGIN.

    2. Enter your Partner Center user email address.

      Screenshot that shows the AU10TIX Email Approval page.

      AU10TIX sends an email verification in email that includes a PIN code.

    3. Check your email for the verification mail and enter it to verify your email account.

      Screenshot that shows the AU10TIX page: Enter the PIN code we just sent to your inbox.

    4. Enter your mobile number that has the Microsoft Authenticator app installed.

      Screenshot that shows the AU10TIX page: Great! To continue, enter your phone number.

    5. Select Start.

      Screenshot that shows the AU10TIX page: Prepare your document before starting the process.

    6. Use mobile camera to scan the QR code.

      Screenshot that shows the AU10TIX page: Switch to mobile and make it easier on yourself. The page has a prominent QR code to scan.

    7. On your mobile device, select Start.

      Screenshot that shows the AU10TIX page on a mobile device, with the text: Prepare your document before starting the process.

    8. Select Continue to allow your browser to have access to the camera.

      Screenshot that shows the AU10TIX page on a mobile device, with the page: Select allow on your browser camera access prompt. It appears right after.

    9. Select Continue to capture the photo.

      Screenshot that shows the AU10TIX page on a mobile device: Capture your document. An illustration shows a camera taking a picture of an ID card.

    10. Select Continue to verify that you're happy with the picture, or select Retake to retake the picture.

      Screenshot that shows the AU10TIX page on a mobile device, a picture of the ID card, and the option to retake the photo.

    11. Select Continue to take a photo of yourself. Remove glasses and face masks, and ensure the lighting in the room is good.

      Screenshot that shows the AU10TIX page on a mobile device, with the text: Take a selfie. An illustration shows taking a picture of yourself.

    12. Once verification is completed, then AU10TIX sends an SMS verification code to your mobile device. Select Open Authenticator.

      Screenshot that shows the AU10TIX page on a mobile device, with the text: Success! The button: Open Authenticator is shown.

    13. Enter the SMS verification code into the Microsoft Authenticator prompt.

      Screenshot that shows Microsoft Authenticator on a mobile device, with a spot to enter your verification code, and the Next button.

    14. Select Add to add a verified ID to the Microsoft Authenticator app. Screenshot that shows the Microsoft Authenticator page on a mobile device, with the text: Add a verified ID, and an Add button.

    15. Select VerifiableCredential to select a credential to share with Partner Center.

      Screenshot that shows the mobile Microsoft Authenticator page, the title: Share with Partner Center?, and a selection: VerifiableCredential.

    16. Select Confirm.

      Screenshot that shows the Microsoft Authenticator page on a mobile device, with a preview of the ID card and other info about the credentials.

    17. Select Share to share the credentials with Partner Center.

      Screenshot that shows the Microsoft Authenticator page on a mobile device, with text: Share with Partner Center? The Share button is shown.

    18. Once the verifiable credential is shared with Partner Center, then the vetting and onboarding process proceeds to employment verification.

      Screenshot that shows the Legal Info page in Account settings with the steps up to Employment verification completed.

Frequently asked questions

Why does the enrollment process require identity verification?

To ensure the partner ecosystem is secure, we might ask for other identity verification before enrollment can complete.

How long do I have to complete the verification process?

Sixty days.

Can I use an existing verifiable credential?

Yes, you can use an existing VC from a Microsoft Partner Center preferred vendor. If you're prompted for a VC, select Get VC to see a list of our approved IDVs.

Which vendors can I use to complete the identity verification?

Currently, Microsoft partners with AU10TIX.

What do I need to complete the identified verification process?

  • A government issued ID such as passport or driver's license.
  • A mobile device (iOS or Android) with the Microsoft Authenticator app installed.

How long should the identity verification process take?

We recommend you dedicate 15 minutes to completing the entire process.

Does my Partner Center username need to match the name on my government issued ID?

Yes, the names must match exactly and be in the same language.

Contact your Partner Center global administrator to update your username if needed.

Does the ID verifier (IDV) store my personal data?

Microsoft requires that its trusted ID verifiers adhere to privacy policies and that your data is safely handled and disposed of.

What email should I provide the AU10TIX?

Provide your Partner Center user email address. The email address is used for PIN verification.

Why do I need to provide my mobile number to AU10TIX?

A mobile number is required for AU10TIX to send an SMS code later in the process to verify your endpoint device.

AU10TIX then sends this endpoint device the VC certificate to load onto the MS Authenticator app.

What if my company doesn't allow me to use a personal mobile device or issued me a corporate mobile device?

Work with your IT and governance departments on corporate policy.

What happens if the IDV fails to issue me a VC?

Go to Partner Center/Account Settings/Legal Info page, then select Contact Support.

Does a VC expire?

Yes, a verifiable credential certificate expires either at one year or on the expiration date of the government-issued document, whichever comes first. The Microsoft Authenticator app shows the certificate expiration date.

What if my attempt to get a verifiable credential fails and I need further support?

For further assistance, create a support ticket.