How the LOA1 user journey works

This is a typical user journey for a level of assurance 1 (LOA1) service. It’s different to the user journey for an LOA2 service.

It typically takes about 5 minutes to create a GOV.UK Verify account, and less than a minute to sign in after that point.

The user journey might change depending on which certified company the user chooses. Each certified company checks users’ identities differently.

    Your service

  1. User is asked to prove their identity to use the service

  2. GOV.UK Verify hub

  3. User says if they’ve used GOV.UK Verify before

      Sign in (returning user journey)

      It takes less than a minute to sign in.

    1. User picks a certified company to sign in with

    2. User signs in with username or email and password

    3. User receives 2 factor authentication code

    4. User enters 2 factor authentication code

    5. User continues to use the service

  4. Sign up (new user journey)

    It takes about 5 minutes to create an account.

  5. User finds out what GOV.UK Verify is

  6. User finds out about certified companies

  7. User finds out how long it will take to verify themselves and how to create an account

  8. User chooses a certified company

  9. User is told they need to go to the certified company’s website to create an account

  10. Certified company: create an account

  11. User creates a username or email and password

  12. User receives a confirmation code by email

  13. User enters confirmation code

  14. Certified company: set up 2 factor authentication

  15. User adds phone number or chooses an alternative 2 factor authentication method

  16. User receives authentication code

  17. User enters authentication code

  18. Certified company: add personal details

  19. User adds their name, age and gender

  20. User adds and confirms address

  21. User’s details are checked by the certified company

  22. Certified company: knowledge-based authentication

  23. User answers knowledge-based authentication question 1

  24. User answers knowledge-based authentication question 2

      If knowledge-based authentication is unsuccessful

    1. User is told they can’t be verified

    2. User sees the other ways to use this service

  25. Confirmation: user is sent back to the GOV.UK Verify hub

  26. The certified company tells the user they’ve been successfully verified

  27. GOV.UK Verify confirms that they’ve been successfully verified

  28. Your service

  29. User continues to use your service

Return to Design how your service sends users to GOV.UK Verify