Vendor outage response process
If an outage in a 3rd party vendor is identified, we can manually update the configuration of the IdP to provide error messaging to users in affected flows.
There are two ways to turn off flows:
Both methods involve changing configuration flags in the
file config/application.yml
. To edit this file, use the
guidance here.
The final step in the guidance is to restart server instances. Once the
restart completes, users in affected flows will be presented with an
error message explaining the outage, or redirected to an error page if
they are unable to continue.
Once we have received word that the vendor is back up and running, simply re-edit the configuration and delete the vendor status.
Completely disabling identity verification
For a full AAMVA outage, disable identity verification.
Operators can explicitly disable IdV using the idv_available
configuration key:
# Setting idv_available to false will disable
# unsupervised identity verification.
# Users will be shown an error message instead.
idv_available: false
For faster results, recycle without a migration instance.
Turning off individual vendors
Several vendors or third-party services can be turned off individually. Each is controlled by a configuration flag:
vendor | flag(s) |
---|---|
Acuant | vendor_status_acuant |
LexisNexis | vendor_status_lexisnexis_instant_verify vendor_status_lexisnexis_phone_finder vendor_status_lexisnexis_trueid |
Pinpoint | vendor_status_sms vendor_status_voice |
For a full AAMVA outage, see above to completely disable identity verification
The possible values for each flag:
operational
full_outage
The default value for each of the flags is operational
.
When one or more of the flags are set to full_outage
, some parts of
identity verification will be disabled.
As an overview:
- Setting
full_outage
foraccuant
,lexisnexis_instant_verify
, orlexisnexis_trueid
turns off pretty much everything. Identity verification is completely unavailable.
- Setting
full_outage
forlexisnexis_phone_finder
disables instant verification, but verification by mail is still available.
- Setting
full_outage
forsms
orvoice
disables instant verification, but verification by mail is still available.
ID image uploads must be done on the device with which the user began verification. Normally, desktop computer users are able to use their phone to upload pictures of their ID. Desktop users will not be offered this choice.
The precise effects of each flag are:
vendor_status_acuant
-
Users will not be able to enter or re-enter the identity verification flow.
-
A user who has reset their password and does not have their personal key will not be able to reactivate their profile
vendor_status_lexisnexis_instant_verify
-
Users will not be able to enter or re-enter the identity verification flow.
-
A user who has reset their password and does not have their personal key will not be able to reactivate their profile
vendor_status_lexisnexis_phone_finder
-
Users will only be able to verify their identity by mail.
-
Any user entering the verification flow will be presented with an outage screen telling them that their options are to verify by mail or wait until our vendor outage is resolved.
-
Users will still be able to use their phone to upload images of their IDs.
Lexis Nexis TrueId vendor_status_lexisnexis_trueid
-
Users will not be able to enter or re-enter the identity verification flow.
-
A user who has reset their password and does not have their personal key will not be able to reactivate their profile
SMS
-
Users will only be able to verify their identity by mail.
-
Any user entering the verification flow will be presented with an outage screen telling them that their options are to verify by mail or wait until our vendor outage is resolved.
-
ID image uploads must be done on the device with which the user began verification. Normally, desktop computer users are able to use their phone to upload pictures of their ID. Desktop users will not be offered this choice when this flag is set to
full_outage
.
Voice
-
Users will only be able to verify their identity by mail.
-
Any user entering the verification flow will be presented with an outage screen telling them that their options are to verify by mail or wait until our vendor outage is resolved.
-
ID image uploads must be done on the device with which the user began verification. Normally, desktop computer users are able to use their phone to upload pictures of their ID. Desktop users will not be offered this choice when this flag is set to
full_outage
.