Unified Candidate Identity: A Runbook From Apply to BG Check
A unified candidate identity is not a data field. It is an instrumented control that ties every hiring decision to the same verified human, with timestamps, evidence, and owners.

Unified candidate identity is chain-of-custody. If you cannot link every decision to the same verified human with timestamps, you are running an audit risk, not a funnel.Back to all posts
Real hiring problem
Recommendation: treat unified candidate identity as a chain-of-custody control, not a convenience. If you cannot tie application, interview, assessment, and background check to the same verified human, you have an audit and fraud exposure even if each step "worked" in isolation. Operationally, this shows up as SLA breaks at the worst moment: late-stage loops restart, offers stall while you reconcile identity artifacts, and manual exceptions cluster around scheduling and background check initiation because identity is unverified. External pressure is real. Checkr found 31% of hiring managers say they have interviewed a candidate who later turned out to be using a false identity. Pindrop reported 1 in 6 applicants to remote roles showed signs of fraud in one real-world pipeline. When that risk hits your funnel, the cost is not only security. It is cycle-time waste and mis-hire exposure, where replacement cost can reach 50-200% of annual salary depending on the role (SHRM).
WHY LEGACY TOOLS FAIL
Recommendation: stop relying on tool-to-tool goodwill to maintain identity continuity. You need an orchestrated identity object that persists across steps with timestamps and evidence. Why the market failed to solve this: ATS platforms manage stages, not identity assurance. Background check workflows often start from a late-stage handoff that can be rekeyed or modified without a chain of custody. Interview and assessment tools capture rich signals, but they usually store them as separate artifacts without standardized rubric storage and without writing back an immutable event log into the ATS. The operational result is waterfall sequencing. Each check waits on the prior tool, and every exception becomes an email thread. No SLAs for manual review means pending states can sit unowned. No unified evidence pack means you cannot answer basic defensibility questions like who reviewed the identity mismatch and when, and what evidence they saw.
OWNERSHIP and accountability matrix
Recommendation: document ownership in a matrix and enforce it in your workflow. In practice, unified identity fails when nobody owns the exception path. Use this split: Recruiting Ops owns workflow orchestration and SLA enforcement. Security owns identity policy, fraud thresholds, access control, and audit policy. Hiring Managers own rubric discipline, scoring completeness, and decision rationale. Define sources of truth: the ATS candidate record is the system of record for stage, timestamps, and decisions. The verification service is the system of record for identity evidence and fraud signals, but it must write back outcomes and evidence references to the ATS. Interview and assessment systems are signal producers, not truth stores. Their outputs must be attached to the candidate record as time-stamped events and rubric artifacts.

Recruiting Ops: workflow design, stage gating, SLA queues, exception triage, vendor orchestration.
Security: identity policy, step-up verification rules, fraud review requirements, retention controls, audit response templates.
Hiring Manager: rubric completion, evidence-based scoring, escalation when identity signals conflict with performance signals.
Automate: identity verification triggers, risk-tier assignment, access gating to interviews and assessments, evidence pack generation.
Manually review: mismatches, deepfake or proxy interview flags, document auth failures, and any override that changes a deny to a pass.
MODERN operating model
Recommendation: implement an instrumented workflow where identity is verified before access and every action produces an event in an ATS-anchored audit trail. Start with identity gating before privileged steps. "Privileged" in hiring means anything that consumes scarce reviewer time or produces decision evidence: interview slots, take-home assessments, live coding sessions, and background checks. Then move to event-based triggers instead of manual handoffs. When an application is created, trigger verification in parallel with screening. When verification passes, automatically unlock scheduling. When a risk flag appears, route to a review-bound SLA queue owned by Security or Recruiting Ops depending on the flag type. Automated evidence capture is mandatory. Every verification outcome, reviewer note, override, and rubric score is written as a time-stamped event. This creates the single source of truth needed for defensibility. A decision without evidence is not audit-ready. Finally, use analytics dashboards that combine time-to-hire with risk signals. Track time-to-event for verification completion, exception resolution time, and where pending states accumulate. Time delays cluster at moments where identity is unverified, and dashboards let you prove it and fix it.
Application created -> Candidate Identity ID issued.
Verification started -> verification completed (pass, fail, needs-review).
Interview access granted -> interview completed -> rubric submitted.
Assessment access granted -> telemetry captured -> score finalized.
Background check initiated -> cleared -> offer approved.
Median and p95 verification time-to-complete by region and device type.
Exception queue size, aging, and SLA breach counts.
Override rate by reviewer and by job family.
Offer-stage identity discrepancies (any mismatch discovered after interviews).
WHERE IntegrityLens fits
Recommendation: use IntegrityLens AI as the ATS-anchored control plane that persists candidate identity and evidence from apply through background check initiation. IntegrityLens enables unified candidate identity operationally by keeping identity verification, screening, assessments, and audit evidence in one hiring lifecycle with write-backs and immutable logs.
Identity gate before access using biometric identity verification with liveness, face match, and document authentication, completed in under 3 minutes before the interview starts.
Event-based orchestration with configurable SLAs, automated triggers, and ATS write-backs so pending states have owners and timestamps.
Fraud prevention signals that can trigger step-up verification, including deepfake detection, proxy interview detection, behavioral signals, and assessment telemetry with plagiarism detection across 40+ languages.
Immutable evidence packs with timestamped logs and reviewer notes, designed for audit response and reviewer accountability.
Security posture aligned to enterprise expectations with 256-bit AES encryption baseline and SOC 2 Type II and ISO 27001-certified infrastructure foundations, plus GDPR and CCPA-ready controls.
ANTI-patterns that make fraud worse
Recommendation: remove these patterns first. They are not neutral. They increase fraud surface area and make audit responses slower.
Do not verify identity only at background check initiation. Late gating means you spend interviewer capacity on an unverified identity and create rework when mismatches surface.
Do not allow identity overrides in Slack or email. Overrides without evidence packs create audit liabilities and unbounded exception behavior.
Do not let each vendor store the "truth" of identity separately. Tool-specific IDs without a canonical Candidate Identity ID cause silent mismatches and duplicate records.
IMPLEMENTATION runbook
Recommendation: implement unified candidate identity as an SLA-bound sequence with parallel checks, explicit owners, and logged evidence at every gate. The goal is speed with defensibility, not speed by omission. Below is a practical runbook structure that a Recruiting Ops director can operationalize with Security and hiring managers in one working session, then roll out job family by job family.
Step 1: Create Candidate Identity ID at application creation. SLA: immediate. Owner: Recruiting Ops. Evidence: ATS event "candidate_identity.created" with timestamp and candidate-provided identifiers.
Step 2: Trigger verification in parallel with screening. SLA: verification completed within 10 minutes for the standard path, else route to review. Owner: Recruiting Ops for workflow, Security for policy. Evidence: events "verification.started" and "verification.completed" with outcome and evidence references (doc auth, liveness, face match).
Step 3: Identity gate before interview access. SLA: access granted within 5 minutes of verification pass. Owner: Recruiting Ops. Evidence: event "interview.access_granted" linked to verification outcome; calendar invite ID stored as a reference, not as the source of truth.
Step 4: Step-up verification on risk triggers (for example mismatch, deepfake or proxy flags). SLA: human review within 4 business hours, hard stop at 1 business day. Owner: Security. Evidence: event "verification.step_up_required" plus reviewer decision with tamper-resistant notes and reason codes.
Step 5: Standardize rubrics and enforce submission. SLA: rubric submitted within 24 hours of interview completion. Owner: Hiring Manager. Evidence: rubric artifact attached to ATS record with event "rubric.submitted" and scorer identity.
Step 6: Gate assessment access to verified identity. SLA: assessment unlocked within 5 minutes after verification pass. Owner: Recruiting Ops. Evidence: event "assessment.access_granted" and telemetry summary event "assessment.completed" including plagiarism and execution telemetry references.
Step 7: Initiate background check using the same Candidate Identity ID and verification evidence pack. SLA: within 1 business day of finalist decision. Owner: Recruiting Ops, with Security policy constraints. Evidence: event "bgcheck.initiated" that references the evidence pack hash or ID and the exact payload fields sent.
Step 8: Offer approval requires completeness checks. SLA: offer ready within 1 business day after clears. Owner: Recruiting Ops. Evidence: event "offer.approval_requested" includes checklist completion and approver identity. If it is not logged, it is not defensible.
Related Resources
Key takeaways
- Treat candidate identity as an access control problem: identity gate before privileged steps like interviews, assessments, and background checks.
- A decision without evidence is not audit-ready. Persist identity evidence and reviewer actions in an immutable event log anchored to the ATS candidate record.
- Parallelized checks beat waterfall workflows. Trigger verification and risk-tiering as soon as an application is created, not after scheduling.
- Assign ownership explicitly: Recruiting Ops owns workflow and SLAs, Security owns policy and audit requirements, Hiring Managers own rubrics and scoring discipline.
- Use step-up verification for high-risk signals so the funnel does not stall for every candidate.
Purpose: Persist a canonical Candidate Identity ID across application, interview, assessment, and background check initiation.
Enforcement: Gate privileged steps on verification status, route exceptions to review-bound SLAs, and write every outcome into an ATS-anchored immutable event log.
policy:
name: unified-candidate-identity-v1
canonicalIdentity:
idField: candidate_identity_id
createdOnEvent: candidate.application_created
requiredForStages:
- phone_screen
- technical_assessment
- onsite_interview
- background_check
verification:
standardPath:
methods:
- document_auth
- liveness
- face_match
targetSLA:
completeWithinMinutes: 10
onPass:
emitEvent: verification.completed
setField:
verification_status: pass
onFail:
emitEvent: verification.completed
setField:
verification_status: fail
gateStages: [phone_screen, technical_assessment, onsite_interview, background_check]
onNeedsReview:
emitEvent: verification.needs_review
setField:
verification_status: needs_review
routeToQueue: security-identity-review
reviewSLA:
firstResponseHours: 4
hardStopBusinessDays: 1
accessGates:
interviewAccess:
requireVerificationStatus: pass
onGrant:
emitEvent: interview.access_granted
assessmentAccess:
requireVerificationStatus: pass
onGrant:
emitEvent: assessment.access_granted
backgroundCheckInitiation:
requireVerificationStatus: pass
requireArtifacts:
- evidence_pack_id
onInitiate:
emitEvent: bgcheck.initiated
evidence:
immutableEventLog:
required: true
writeBackToATS: true
requiredEventFields:
- event_name
- event_timestamp
- actor_role
- actor_id
- candidate_identity_id
- evidence_references
evidencePack:
generateOnStage: offer_approved
include:
- verification_outcomes
- reviewer_notes
- rubric_artifacts
- assessment_telemetry_refs
- bgcheck_payload_ref
overrides:
allow:
- name: security_override
allowedActorRole: security
requireReasonCode: true
requireAttachment: true
emitEvent: verification.override_applied
expiresInDays: 30
deny:
- name: email_or_slack_override
reason: "Overrides must be in-system and logged to remain defensible."Outcome proof: What changes
Before
Identity verification occurred inconsistently, often after interviews. Exceptions were handled in email threads, and background check initiation used rekeyed candidate data from multiple tools.
After
A canonical Candidate Identity ID was created at application and used to gate interview and assessment access. All verification outcomes and overrides were logged as ATS-anchored events, and a per-candidate evidence pack was generated at offer stage.
Implementation checklist
- Define a canonical Candidate Identity ID that is created at application and referenced by every downstream system.
- Implement an identity gate before interview access and assessment access.
- Require all identity, fraud, and scoring signals to write back into the ATS as time-stamped events.
- Set review-bound SLAs for manual exceptions and failed checks, with explicit owners.
- Generate an evidence pack per candidate at offer stage, including identity outcomes and approvals.
Questions we hear from teams
- What is a unified candidate identity in hiring operations?
- A unified candidate identity is a canonical identity object and ID that is created at application and referenced at every downstream step, with identity evidence and reviewer actions written as time-stamped events into an ATS-anchored audit trail.
- Where should identity verification sit in the pipeline?
- Identity verification should occur before privileged access steps such as interviews, assessments, and background check initiation. Late verification creates rework and makes it harder to prove chain of custody.
- How do you keep the funnel fast without verifying everyone the same way?
- Use risk-tiered funnel logic. Run a standard verification path for most candidates and trigger step-up verification only when fraud signals or mismatches appear, with review-bound SLAs and explicit owners.
- What makes a hiring decision audit-ready?
- A hiring decision is audit-ready when the approver, timestamp, rubric, and identity evidence are retrievable from a single source of truth, and any overrides are logged with reason codes and attachments.
Ready to secure your hiring pipeline?
Let IntegrityLens help you verify identity, stop proxy interviews, and standardize screening from first touch to final offer.
Watch IntegrityLens in action
See how IntegrityLens verifies identity, detects proxy interviewing, and standardizes screening with AI interviews and coding assessments.
