Persona supports Microsoft Entra Verified ID as both an issuer and a verifier of verifiable credentials (VCs). This article explains how each flow works and how to configure them in your integration.
Overview
Microsoft Entra Verified ID is a decentralized identity solution that allows organizations to issue tamper-proof digital credentials and request them from users across applications and ecosystems. Verifiable credentials are cryptographically signed, portable, and user-controlled — meaning the holder chooses what data to share and with whom.
Persona fits into this ecosystem in two ways:
- As an issuer: After a user completes a Persona verification, Persona can issue a verifiable credential on their behalf using a Persona-controlled Microsoft Entra tenant. The credential is stored in the user's Microsoft Authenticator wallet and can be reused across any Entra Verified ID-compatible service.
- As a verifier: Persona can request and validate a previously issued verifiable credential as part of a verification flow, allowing users to skip re-verification if they already hold a trusted credential.
How it works
Issuance flow
When Persona acts as the issuer, the following steps occur:
- The user completes identity verification through Persona.
- Upon successful verification, Persona calls Microsoft Entra's issuance API using a Persona-managed Entra tenant.
- Entra generates a verifiable credential containing the verified identity claims (e.g. first name, last name, document number, date of birth).
- The user is prompted to scan a QR code or follow a deep link to add the credential to their Microsoft Authenticator app.
- The credential is stored in the user's wallet and can be presented to any Entra Verified ID-compatible relying party without repeating the verification process.
Note: Persona manages the Entra tenant used for issuance. You do not need to configure or maintain your own Entra tenant to use Persona as an issuer.
Verification flow
When Persona acts as the verifier, the following steps occur:
- A user arrives at a verification step in your flow.
- Persona sends a presentation request to Microsoft Entra.
- The user opens Microsoft Authenticator, selects their credential, and presents it.
- Entra validates the credential's signature and returns the result to Persona.
- Persona evaluates the credential against your configured requirements (accepted issuers, required claims) and passes or fails the verification accordingly.
Configuration
Issuer configuration
No additional Entra setup is required on your end. Persona handles issuance through its own Entra tenant. To enable VC issuance at the end of a Persona verification flow, you can enable the option in your Dashboard > Verification settings.
Claims included in the issued credential are derived from the Persona verification result and may include:
| Claim | Description |
|---|---|
| firstName | Verified first name from identity document |
| lastName | Verified last name from identity document |
| documentNumber | Document ID number |
| dateOfBirth | Date of birth (if extracted) |
| issueDate | Date the credential was issued |
| expiryDate | Credential expiration date |
Verifier configuration
When configuring Persona as a verifier, you can specify:
Accepted issuers: By default, Persona allowlists any Persona Verified ID during the verification flow. Some customers may choose to only accept Entra Verified IDs from a trusted Persona organization or inquiry template. These are verification checks and can be configured as part of the verifier flow.
Required claims: Specify which claims must be present in the presented credential for verification to pass. If a presented credential is missing a required claim, the verification will be rejected.
Note: Talk with your Persona account team to enable this product feature.
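The two verifier settings above amount to a fail-closed policy check that runs after Entra has validated the credential's signature. The sketch below is an added example, not Persona's or Microsoft's code: the presentation shape (`issuer`, `claims`), the policy dictionary, the DID values, the ISO 8601 date format, and the expiry check are all assumptions made for illustration. Only the claim names come from the table above.

```python
from datetime import date

# Hypothetical policy holding the two verifier settings described above.
POLICY = {
    "accepted_issuers": {"did:web:issuer.example"},  # constructed DID
    "required_claims": ["firstName", "lastName", "dateOfBirth"],
}

def evaluate_presentation(presentation, policy, today):
    """Return (passed, reasons). Any problem rejects the presentation."""
    reasons = []
    # Exact-match allowlist: no prefix or substring comparison.
    issuer = presentation.get("issuer")
    if issuer not in policy["accepted_issuers"]:
        reasons.append(f"issuer not accepted: {issuer!r}")
    # A required claim that is absent, non-string, or blank counts as missing.
    claims = presentation.get("claims") or {}
    for name in policy["required_claims"]:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            reasons.append(f"missing required claim: {name}")
    # Assumed extra check: reject expired or undated credentials.
    try:
        if date.fromisoformat(claims.get("expiryDate")) < today:
            reasons.append("credential expired")
    except (TypeError, ValueError):
        reasons.append("expiryDate absent or unparseable")
    return (not reasons, reasons)

# Constructed sample presentation; signature assumed already validated.
SAMPLE = {
    "issuer": "did:web:issuer.example",
    "claims": {"firstName": "Ada", "lastName": "Lovelace",
               "dateOfBirth": "1990-01-01", "expiryDate": "2030-01-01"},
}

if __name__ == "__main__":
    today = date(2025, 1, 1)
    blank = {**SAMPLE, "claims": {**SAMPLE["claims"], "lastName": " "}}
    cases = {
        "valid": SAMPLE,
        "unlisted issuer": {**SAMPLE, "issuer": "did:web:other.example"},
        "blank required claim": blank,
    }
    for label, presentation in cases.items():
        print(label, evaluate_presentation(presentation, POLICY, today))
```

Returning every failure reason, rather than stopping at the first, gives an audit log entry that explains a rejection without exposing the claim values themselves.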
Credential storage and validity
Issued credentials are stored in the user's Microsoft Authenticator wallet. Key details:
- Credentials are cryptographically signed and cannot be altered after issuance.
- Validity period is set at issuance time and determined by Persona's configuration.
- Users can present their credential to any Entra-compatible service without re-verifying.
User experience
For end users (issuance)
- Complete identity verification in your application.
- When prompted, follow the steps shared during the inquiry.
- After inquiry completion, confirm the credential details and add it to your wallet.
- Your verified credential is now available to present to supported services.
For end users (verification)
- At the verification step, scan the QR code with Microsoft Authenticator.
- Select the credential you wish to share.
- Confirm the data fields being shared and approve the presentation.
- Persona receives and validates the credential automatically.
Frequently asked questions
Does my organization need a Microsoft Entra tenant to use this feature? No. For issuance, Persona uses its own Entra tenant. For verification, no tenant is required on your side — Persona handles the presentation request and verification.
What wallet does the user need? Users must have Microsoft Authenticator installed on their iOS or Android device to receive and present credentials.
Can I accept credentials issued by other providers, not just Persona? Yes. As a verifier, you can configure accepted issuers to include other Entra Verified ID issuers. You can also accept multiple issuers simultaneously.
What happens if a user loses access to their Authenticator app? The user would need to re-verify through Persona to receive a new credential.
Is the issued credential reusable across multiple services? Yes. Once stored in the wallet, the credential can be presented to any relying party that supports Entra Verified ID without the user repeating the identity verification process.
Related resources
- Microsoft Entra Verified ID documentation
- Microsoft Authenticator app
- Persona verification templates (Dashboard)
- Contact your account team for enterprise setup assistance