Identity Assurance Levels (IAL)

Identity Assurance Levels (IAL) refer to the degree of confidence an organization has in the claimed identity of a user. Defined by the National Institute of Standards and Technology (NIST) in SP 800-63-3, the levels help determine the rigor needed in identity proofing and verification.

About Identity Assurance Levels (IAL)

What are the three identity assurance levels?

IAL1 requires no verification of identity, typically used in low-risk scenarios where anonymity is acceptable. IAL2 requires evidence-backed identity proofing, often involving document verification and biometric comparison. IAL3 requires in-person identity verification or supervised remote processes with high confidence in identity validation.

What are the levels of identity assurance?

The three levels—IAL1, IAL2, and IAL3—range from minimal to strong identity assurance. Organizations use these levels to calibrate onboarding, authentication, and access decisions based on the sensitivity of the services provided and the risk posed by impersonation.

What are the most common challenges with this topic?

Challenges include balancing user convenience with security, integrating consistent assurance practices across jurisdictions, and implementing IAL3-level verification without introducing friction that deters users. Additionally, ensuring interoperability across platforms with varying standards adds complexity to identity assurance design.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.