TrustID
TrustID provide their clients with a service for online identity and background checks; the Seven20 integration makes use of TrustID's API to allow Seven20 users to request such checks and receive the results without having to leave the Seven20 platform.
Currently the Seven20 TrustID integration only supports UK Home Office Right to Work checks; if clients require support for other types of checks this will require additional development so please contact the Seven20 product team with as much notice as possible.
The integration works within Seven20's Compliance framework - during the recruitment process, a Right to Work check can be requested for candidates on an individual basis.
The candidate will then receive an email with a URL to access TrustID's online platform where they can provide the required personal details and supporting documentation. Once TrustID have completed the checking process the Seven20 integration will automatically retrieve the overall status of the check, along with a detailed report which is saved as a PDF against the Compliance record.
Due to the sensitive nature of the data involved in Right to Work checks, TrustID operates a strict security policy around third-party integrations so it is advised to contact them as soon as possible to ensure that any technical requirements, NDAs etc. are resolved ahead of go-live.
Sending Requests To TrustID
A packaged permission set Seven20_TrustId includes the relevant permissions for triggering requests and viewing results. TrustID requests are made using a Compliance Request (seven20__Compliance_Request__c) created from a Compliance (seven20__Compliance__c) record. To trigger a request to be sent a Compliance Request must be created or updated with the following conditions:
- Record type set to the packaged record type TrustID (seven20__TrustId)
- Internal Status (seven20__Internal_Status__c) set to Queued
If the record is sent successfully Internal Status will be set to Sent. If the request to send fails Internal Status will be set to Error and the Error (seven20__Error__c) field will be populated with details of the error.
Results
Results are retrieved via a webhook. The External Status (seven20__External_Status__c) field will hold the overall result retrieved from TrustID - this can be set to one of three values:
- Passed - Represents a successful check
- Rejected - Represents a check that failed for honest reasons, like glare on photos etc.
- Failed - Represents a check that failed for malicious reasons i.e. a counterfeit document
It is important that the client's business processes properly account for the Failed check status - candidates with a Failed status should not be allowed to resubmit a subsequent request, due to the apparently malicious nature of the submitted content. If in doubt, see the report for details and contact TrustID directly.
Some specific result details are also stored:
- TrustId GPG45 Profile (seven20__TrustId_GPG45_Profile__c) stores the result of the GPG45 profile returned by TrustID
- TrustId Identity Verified Status (seven20__TrustId_Identity_Verfied_Status__c) stores the Identity verified result from TrustID
N.B. The field name and API name for TrustId Identity Verified Status are currently spelt incorrectly in the package, as written above.
Once a result has successfully been retrieved External Request Id (seven20__External_Request_Id__c) will be populated with the application's container Id provided by TrustID and Report Status (seven20__Report_Status__c) will be set as Queued, awaiting retrieval of the report.
Retrieval of results happens asynchronously so there may be some delay between completion in TrustID and the results being available in Seven20.
Reports
Once results have been received, the associated reports are retrieved by a scheduled apex job for all Compliance Request records with Report Status Queued. How long this takes will depend on the scheduled interval of the apex job.
If the report is successfully retrieved Report Status will be set to Retrieved and the report will be linked to both the Compliance Request record and its related Compliance record.
If the report retrieval fails Report Status will be set to Error and the Error field will be populated with details of the error.