# Enroll from the document photo Use case showcasing how to enroll (register) the user in Keyless using the user's document photo. In this tutorial you will use 2 independent modules offered by Keyless: 1. [The Keyless Document SDK](https://docs.keyless.io/mobile-document-sdk): responsible to retrieve user data such as the photo from the idenity document. 2. [The Keyless SDK](https://docs.keyless.io/consumer): responsible to register the user in order to enable biometric authentication. {% hint style="warning" %} **Important**: the [Keyless SDK](https://docs.keyless.io/consumer) does not check if the photo was retrieved from an identity document using the [Keyless Document SDK](https://docs.keyless.io/mobile-document-sdk). The responsibility to pass only photos retrieved from verified documents (e.g. using the [Keyless Document SDK](https://docs.keyless.io/mobile-document-sdk)) is left to the integrator. {% endhint %} The complete flow to register a user and verifying that the user face matches the document photo is the following: 1. Retrieve the user photo from the document 2. Confirm the document is valid. 3. Enroll using the photo. 4. Authenticate using the face. Below are the detailed steps to satisfy the enroll from document photo use case. ## 1. Retrieve the user photo (from the document) It is possible to retrieve the photo and user data from the user identity document using the [Scan Document API](https://docs.keyless.io/mobile-document-sdk/mobile-document-sdk-guide/4-scan-document). {% tabs %} {% tab title="Android" %} ```kotlin KeylessDocument.scanDocument() { when (it) { is DocumentResult.Success -> { // path where the document photo is saved Log.d(TAG, "Photo path ${it.value.facePath}") } is DocumentResult.Failure -> { Log.d(TAG, "Error ${it.error}") } } ``` {% endtab %} {% tab title="iOS" %} ```swift KeylessDocument.scanDocument() { result in switch result { case .success(let document): // UIImage containing the document photo let photo: UIImage? = document.passportImage case .failure(let error): print("Error: \(error)") } } ``` {% endtab %} {% tab title="Flutter" %} ```dart DocumentResult documentResult = await KeylessDocument.instance.scanDocument(); switch (documentResult) { case DocumentSuccess(data: final document): String photoPath = 'Document: ${document.facePath}, ...'; break; case DocumentFailure(message: final error, code: final code, errorType: final type): String error = 'Document Error: $error $code ($type)'; break; ``` {% endtab %} {% endtabs %} ## 2. Confirm the document is valid In the previous step you retrieved the Document photo, the `EDocument` result contains additional fields that we advise to verify before proceeding with registering the user from the photo in Keyless. Make sure that the `EDocument.security.ValidityInformation` are valid: {% tabs %} {% tab title="Android" %} ```kotlin public enum class Verdict { NOT_CHECKED, // Not checked FAILED, // Present, checked, and not ok SUCCEEDED, // Present, checked, and ok } public data class ValidityInformation( var typeOfAccessControl: String = "", var activeAuthentication: Verdict = Verdict.NOT_CHECKED, var chipAuthentication: Verdict = Verdict.NOT_CHECKED, var dataNotTampered: Boolean = false, var documentCorrectlySigned: Boolean = false, var documentSigningCertificateVerified: Boolean = false, ) ``` {% endtab %} {% tab title="iOS" %} ```swift public enum Verdict { case notChecked, failed, success } public struct ValidityInformation { public let typeOfAccessControl: String? public let activeAuthentication: Verdict public let chipAuthentication: Verdict public let passportCorrectlySigned: Bool public let documentSigningCertificateVerified: Bool public let passportDataNotTampered: Bool } ``` {% endtab %} {% tab title="Flutter" %} ```dart enum Verdict { notChecked("not_checked"), // Not checked failed("failed"), // Present, checked, and not ok succeeded("succeeded"); // Present, checked, and ok } class ValidityInformation { final String typeOfAccessControl; final Verdict activeAuthentication; final Verdict chipAuthentication; final bool dataNotTampered; final bool documentCorrectlySigned; final bool documentSigningCertificateVerified; } ``` {% endtab %} {% endtabs %} ## 3. Enroll using the photo (from the document) At this point you should have the photo of the user that you retrieved from the user's document. The enroll from photo is handled by the [Keyless Mobile SDK](https://docs.keyless.io/consumer) that is the SDk to enable privacy preserving bimoetric. Install the Keyless Mobile SDK following the [Getting Started section](https://docs.keyless.io/consumer/mobile-sdk-guide/getting-started). Now you can enroll the user by providing the document photo. For a detailed explanation of what enrollment with Keyless means, please refer to the [enrollment section](https://docs.keyless.io/consumer/mobile-sdk-guide/enrollment). To enroll the user photo follow the [enroll from photo](https://docs.keyless.io/consumer/mobile-sdk-reference/photo-enrollment). ## 4. Authenticate using the face (live person) So far you created a user in Keyless based on the document photo. However you did not verify that the user created is the real person that provided the document. The last step is to verify that the face of the user providing the document matches the photo of the user you just registered. To close the use case an authentication with Keyless is enough. Authenticate the user following the [authentication section](https://docs.keyless.io/consumer/mobile-sdk-guide/authentication). This will match the user face with Keyless privacy preserving biometric authentication against the user document photo. Congratulation you enrolled a user in Keyless from the identity document and verified that the user face matches the face in the document photo.